gmgn-market

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to ask the user to "send me the API Key value" and shows an example that embeds the key verbatim into a command (echo 'GMGN_API_KEY=<key_from_user>' > ~/.config/gmgn/.env), which requires the LLM to receive and/or output the secret value directly.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The content includes explicit social-engineering steps to have users provide their GMGN_API_KEY (direct credential collection), plus insecure key handling guidance and a recommendation to install a global CLI (supply-chain risk), which together present a high risk of credential theft/exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill uses gmgn-cli to fetch trending/trenches/signal data from the GMGN API and explicitly consumes untrusted, user-generated fields (website, twitter_username, telegram, social links, and raw upstream "data" snapshots) which the workflow requires the agent to read and use for filtering and decision-making (e.g., has_social, social fields, and data.* used in pass/watch/skip rules), so third-party content can materially influence actions.