gate-exchange-crossex

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill uses standard instructional language to guide the agent's behavior. It does not contain any attempts to bypass safety filters, ignore previous instructions, or extract system prompts. Constraints like 'Only call MCP tools explicitly listed in this skill' are used appropriately to enforce security boundaries.
  • [DATA_EXFILTRATION]: No evidence of unauthorized data access or exfiltration. The skill does not contain hardcoded credentials, and it does not use network-enabled commands like curl or wget. It operates entirely through the provided MCP toolset for exchange queries.
  • [REMOTE_CODE_EXECUTION]: There are no patterns suggesting the download or execution of external scripts. The skill relies on local markdown reference files and specified MCP tools.
  • [COMMAND_EXECUTION]: The skill does not attempt to execute arbitrary shell commands or system-level processes. All functionality is restricted to the 'cex_crossex' tool family which, in the provided configuration, is used for querying information.
  • [INDIRECT_PROMPT_INJECTION]: While the skill ingests data from external exchange APIs (orders, trades, and positions), the risk is negligible because the skill's capabilities are restricted to read-only queries (list and get tools). It lacks 'write' or 'execute' tools that could be exploited by malicious data in the API response.
  • [DEPENDENCY_SAFETY]: The skill references a shared runtime rule file ('exchange-runtime-rules.md'). While this is an external file dependency, the skill itself does not download untrusted packages or libraries from public registries.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 11:39 AM