gmgn-track

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill explicitly instructs the agent to ask the user for their GMGN API key and private key and then embed those values verbatim into shell commands/files (e.g., echo "GMGN_API_KEY=<key_from_user>" > ~/.config/gmgn/.env), requiring the LLM to handle secrets directly.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The skill contains an explicit instruction to have users paste/send their GMGN API key to the assistant ("then send me the API Key value shown on the page"), which constitutes direct credential exfiltration and is a high-risk malicious pattern; no other code-execution backdoors or obfuscated payloads were found.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md requires using the gmgn-cli to call GMGN API endpoints (e.g., track kol / track smartmoney → GET /v1/user/kol or /v1/user/smartmoney) which ingest platform-sourced, user-generated fields like maker_info.twitter_username, maker_info.name, tags and token metadata and explicitly instruct the agent to analyze those results to drive signals and follow-up actions, so untrusted third‑party content can materially influence behavior.