gate-info-liveroomlocation
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs HTTP GET requests to the
gate.ioAPI endpoint (/live/gate_ai/tag_coin_live_replay) to retrieve metadata for live streams and videos. This is a functional requirement for the skill and targets infrastructure owned by the vendor. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion of external, untrusted content.
- Ingestion points: The agent retrieves
live.nameandvideo.title(user-generated content from stream creators) from the Gate API as specified inSKILL.md. - Boundary markers: The instructions do not define boundary markers (such as XML tags or delimiters) to isolate the external content or instruct the agent to ignore any commands embedded within those strings.
- Capability inventory: The skill's primary capability is to display the retrieved titles and links as a list in the chat response.
- Sanitization: There are no instructions provided for sanitizing or validating the retrieved titles before they are included in the output, allowing potentially malicious instructions to enter the agent's context.
Audit Metadata