gate-dex-market

Fail

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: Documentation files references/openapi.md and references/openapi/_shared.md contain hardcoded API keys (api_key) and secrets (secret_key) for a public default tier, exposing these credentials in plain text.
  • [CREDENTIALS_UNSAFE]: The skill instructs the agent to read and write sensitive API credentials to ~/.gate-dex-openapi/config.json on the local host system, which is outside the immediate workspace and persists across sessions.
  • [COMMAND_EXECUTION]: The skill uses shell commands for environment setup, including directory creation (mkdir) and strict permission modification (chmod) on the local filesystem. It also executes a Python helper script (scripts/gate-api-call.py) via subprocess calls to perform signed API requests.
  • [EXTERNAL_DOWNLOADS]: The skill implements an 'Auto-Update' feature that checks for newer versions from a remote GitHub repository (github.com/gate/gate-skills) at session start. It also references remote instruction sets (gate-runtime-rules.md) that the agent is commanded to fetch and follow.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface: it processes external data from market APIs, including token names, descriptions, and security audit warnings, which are presented to the user and could influence agent logic without visible sanitization.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 26, 2026, 03:51 PM