gate-dex-mcpwallet
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill instructions define tools for querying blockchain data (balances, assets, addresses, and transaction history). No malicious commands, obfuscation, or unauthorized data exfiltration patterns were detected.
- [NO_CODE]: The skill consists of documentation and instructional templates (README.md, SKILL.md) for an AI agent to interact with an external MCP server. It does not include executable scripts, binaries, or third-party code dependencies.
- [DATA_EXPOSURE_&_EXFILTRATION]: The skill handles authentication tokens (
mcp_token) and account IDs. It includes explicit security rules to maintain the confidentiality of these tokens (e.g., using placeholders in logs) and performs only read-only queries. No hardcoded secrets or unauthorized network exfiltration logic were found. - [INDIRECT_PROMPT_INJECTION]: The skill processes external data such as transaction history and token lists. However, it lacks exploitable capabilities (like file system writes, subprocess execution, or dynamic code evaluation) that would allow an injection attack to escalate privilege or persist.
Audit Metadata