gate-dex-trade
Fail
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: Hardcoded API Key and Secret Key are provided as default credentials within the documentation in 'references/openapi.md'.
- [DATA_EXFILTRATION]: The skill instructions explicitly direct the agent to solicit highly sensitive information, including private keys and mnemonics, from the user for transaction signing purposes.
- [PROMPT_INJECTION]: The 'references/openapi.md' file contains instructions designed to override agent safety behavior by mandating the use of 'required_permissions: ["all"]' or '["full_network"]' to bypass IDE sandbox security mechanisms.
- [COMMAND_EXECUTION]: The skill requires the agent to generate and execute complex transaction signing scripts (EVM, Solana, SUI, Ton) at runtime using shell one-liners like 'python3 -c' or 'node -e', involving sensitive user credentials.
- [PRIVILEGE_ESCALATION]: The instructions command the agent to modify file system permissions ('chmod 600') and to access paths outside the standard workspace ('~/.gate-dex-openapi/'), which are typically protected by default agent constraints.
Recommendations
- AI detected serious security threats