gate-exchange-subaccount
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONNO_CODE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires installation of the gate-mcp server from the vendor's official repository (https://github.com/gate/gate-mcp).
- [PROMPT_INJECTION]: The skill ingests user-supplied strings such as login names and remarks for use in account management tool calls, creating an indirect prompt injection surface. Ingestion points: SKILL.md (Step 2). Boundary markers: No explicit markers are used to separate untrusted user input. Capability inventory: Includes write-access tools like cex_sa_create_sa, cex_sa_lock_sa, and cex_sa_unlock_sa. Sanitization: No explicit input sanitization is defined in the instructions.
- [NO_CODE]: This skill package contains only documentation and instructional workflows without executable code.
Audit Metadata