gmgn-token

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly tells the agent to ask the user for their GMGN API key and then insert it verbatim into a shell command (echo 'GMGN_API_KEY=<key_from_user>' > ~/.config/gmgn/.env), which requires the LLM to receive and output the secret directly.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The content appears to be legitimate CLI/API documentation but contains a clear high-risk instruction to request the user's API key in-chat ("then send me the API Key value shown on the page") which enables credential exfiltration (plus minor risks like writing private keys to /tmp and instructing global npm installs), so it poses a substantial credential-theft/data-exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to run gmgn-cli to fetch data from the GMGN API (e.g., link.description, link.website, token holders/traders and social fields) and then uses that returned, public/user-generated content to drive safety scoring and follow-up actions, so untrusted third-party content can materially influence decisions.