gate-dex-mcptransfer
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user-provided data (recipient addresses, tokens, and amounts) to perform high-privilege financial operations, establishing a surface for indirect prompt injection.
- Ingestion points: User input parameters extracted in Step 2 of the operation flow in SKILL.md.
- Boundary markers: The skill implements a mandatory 'Transaction Confirmation Template' and explicit user confirmation gate before any signing operation.
- Capability inventory: Employs high-privilege tools
wallet.sign_transactionandtx.send_raw_transactionin SKILL.md to perform on-chain write operations. - Sanitization: Includes strict regex-based address validation rules for EVM and Solana networks to prevent malformed or malicious destination addresses.
Audit Metadata