gmgn-token
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the gmgn-cli package from the NPM registry. This is a vendor-provided tool required for the skill's core functionality.
- [COMMAND_EXECUTION]: The skill instructs the agent to perform local shell operations for troubleshooting and setup:
- Diagnostics: Executes ifconfig and ip addr show to identify IPv6 addresses during connectivity troubleshooting.
- Setup: Uses openssl to generate keys and standard utilities (mkdir, echo, chmod) to manage local configuration files and environment secrets.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface (Category 8) due to its processing of external blockchain data.
- Ingestion points: Data enters the agent context through the outputs of gmgn-cli subcommands (e.g., token info, holder lists).
- Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are used for external data.
- Capability inventory: The skill possesses shell execution capabilities via the gmgn-cli tool.
- Sanitization: No sanitization or validation logic is defined for the retrieved external strings.
Audit Metadata