gate-market
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is entirely focused on data analysis and visualization. It does not contain any executable code, scripts, or external dependencies.
- [PROMPT_INJECTION]: The routing logic and sub-module instructions are strictly task-oriented. There are no attempts to override agent behavior, bypass safety filters, or extract system prompts.
- [DATA_EXPOSURE]: No hardcoded credentials, API keys, or sensitive file paths were found. The skill claims to be read-only and uses established MCP tools for all data retrieval.
- [REMOTE_CODE_EXECUTION]: The skill does not download or execute remote code. It orchestrates pre-defined MCP tools rather than performing raw network operations or shell commands.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests market data (e.g., prices, volume, coin names) from the Gate.io API via MCP tools. While this is an ingestion point for untrusted data, the skill lacks exploitable capabilities—such as subprocess execution, file system writes, or dynamic code evaluation—that would allow for a successful injection attack. All data is interpolated into static Markdown templates for reporting purposes.
Audit Metadata