xgate-server
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute the local CLI utility located at ./plugins/xgate-server/scripts/xgate for tasks such as searching services, agents, and token transfers.
- [EXTERNAL_DOWNLOADS]: The skill interacts with the vendor's primary service domains at api.xgate.run and xgate.run to retrieve blockchain resource metadata and MCP configuration strings.
- [REMOTE_CODE_EXECUTION]: The skill supports dynamic expansion of the agent's capabilities via xgate_add_resource, which incorporates new tools into the environment from external URLs provided by the xgate-server. This is a functional feature of the x402/MCP integration.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to the ingestion of untrusted data from the xgate API and on-chain records.
  - Ingestion points: Data enters the agent's context through service search results, agent metadata, and blockchain transfer logs retrieved from api.xgate.run.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands are implemented to isolate external data from the system prompt.
  - Capability inventory: The agent has access to local shell execution (Bash) and the ability to dynamically register new tools, increasing the potential impact of a successful injection.
  - Sanitization: The skill documentation does not indicate any validation or sanitization of the content fetched from the external API before it is presented to the agent.
Audit Metadata