gate-dex-trade

Fail

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The file scripts/gate-api-call.py contains hardcoded default API credentials (api_key and secret_key) used for authentication with the Gate DEX OpenAPI.
  • [DATA_EXFILTRATION]: The documentation in references/openapi/sign.md and references/openapi.md explicitly encourages users to paste their private keys or mnemonics into the AI chat interface. This practice exposes sensitive financial credentials to the AI service provider's context logs.
  • [COMMAND_EXECUTION]: The install.sh script automates the modification of global configuration files, such as ~/.cursor/mcp.json, and writes persistent routing rules to the workspace (e.g., CLAUDE.md, .cursor/rules/gate-dex-trade.md). The skill also relies on the execution of local Python and Node.js scripts to perform API calls and transaction signing.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing untrusted data from blockchain API responses and using it to construct shell commands and transaction payloads.
    • Ingestion points: Data returned from the openapi.gateweb3.cc endpoint and various MCP tools (e.g., token lists, quotes).
    • Boundary markers: None specified in the instructions to protect against malicious content in API responses.
    • Capability inventory: Shell command execution (python3, node), file system modifications (configuration writing), and network communication.
    • Sanitization: There is no evidence of sanitization or validation of data ingested from external APIs before it is interpolated into shell command arguments.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 8, 2026, 07:18 AM