gate-exchange-affiliate
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No prompt injection or bypass patterns detected. The instructions are clearly defined and follow a structured workflow without attempting to override system safety guidelines.
- [DATA_EXFILTRATION]: The skill interacts with official Gate Exchange API endpoints (api.gateio.ws). No sensitive file access or unauthorized data exfiltration patterns were identified. Configuration examples correctly use placeholders for API keys and secrets.
- [EXTERNAL_DOWNLOADS]: The skill mentions the installation of 'gate-mcp' via npm. As this is a resource from the verified author 'gate', it is considered a trusted vendor tool. Links point to official 'gate.com' domains.
- [REMOTE_CODE_EXECUTION]: No remote code execution patterns, such as piping curl to bash or using eval on untrusted input, were found.
- [COMMAND_EXECUTION]: The skill describes the installation of its own MCP server ('gate-mcp') which is expected behavior for its primary purpose.
- [CREDENTIALS_UNSAFE]: No hardcoded API keys, tokens, or passwords. Documentation and configuration examples use standard placeholders like 'your-api-key'.
- [INDIRECT_PROMPT_INJECTION]: The skill processes structured financial data from API responses. While it ingests external data, the risk is negligible as it is restricted to specific, structured metrics (commission, volume, etc.) without executing content from those fields.
- [OBFUSCATION]: No obfuscation techniques (Base64, zero-width characters, homoglyphs) were detected in the instructions or code examples.
- [PRIVILEGE_ESCALATION]: No attempts to gain unauthorized privileges (sudo, chmod) were observed.
- [PERSISTENCE]: No persistence mechanisms, such as modifying shell profiles or creating scheduled tasks, are present.
Audit Metadata