skills/holon-run/uxc/gate-mcp-skill/Gen Agent Trust Hub

gate-mcp-skill

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches tool configurations and market data from the official Gate.io MCP endpoint at https://api.gatemcp.ai/mcp. This is a well-known service domain.
  • [COMMAND_EXECUTION]: Utilizes the uxc utility to link and execute MCP-based tools, creating a local gate-mcp-cli command alias.
  • [PROMPT_INJECTION]: Presents a potential surface for indirect prompt injection as it processes data from an external API.
      • Ingestion points: Market data (tickers, order books) retrieved from the Gate.io API via gate-mcp-cli.
      • Boundary markers: SKILL.md explicitly directs the agent to 'Keep automation on the JSON output envelope' and 'Parse stable fields first' to isolate data from instructions.
      • Capability inventory: Subprocess execution via uxc to run tools retrieved from the remote endpoint.
      • Sanitization: The skill guidelines enforce structured JSON parsing and advise against raw text processing for automation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 03:57 AM