gate-exchange-staking

Fail

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The setup.sh installation script attempts to use sudo to install the gate-cli binary to /usr/local/bin if local installation fails, which is a privilege escalation pattern.
  • [EXTERNAL_DOWNLOADS]: The skill downloads the gate-cli binary and its checksums from the vendor's official GitHub repository (github.com/gate/gate-cli) during the setup process.
  • [REMOTE_CODE_EXECUTION]: The skill automates the download, extraction, and installation of a remote binary via the setup.sh script and uses this binary for core operations.
  • [DATA_EXFILTRATION]: The skill accesses sensitive user information, including staking positions and rewards, and requires the use of API credentials (GATE_API_KEY and GATE_API_SECRET) which it retrieves from the environment.
  • [PROMPT_INJECTION]: The skill processes untrusted data from the external Gate API (ingestion point) without using boundary markers to isolate it from the agent's instructions. This creates an attack surface for indirect prompt injection that could influence the agent's behavior, especially given its capabilities to execute financial write operations (capability inventory) such as staking and redemption.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 26, 2026, 03:51 PM