gate-exchange-activitycenter

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the gate-cli binary from the vendor's official GitHub repository at github.com/gate/gate-cli/releases. These downloads are verified via checksums in the included installation script.
  • [COMMAND_EXECUTION]: Executes shell commands via the gate-cli binary to query activity types and listings. The skill uses a preflight --help check pattern to ensure correct flag usage as defined in the vendor's execution specification.
  • [COMMAND_EXECUTION]: The setup.sh script manages tool installation and may utilize sudo to place the binary in /usr/local/bin if the local user directory is not available, which is a standard procedure for CLI installations.
  • [DATA_EXFILTRATION]: Uses GATE_API_KEY and GATE_API_SECRET environment variables to authenticate with Gate Exchange APIs. The skill instructions explicitly prohibit the agent from requesting these secrets directly from the user in chat.
  • [PROMPT_INJECTION]: Indirect prompt injection surface identified through the ingestion of external activity data.
      • Ingestion points: Activity titles and descriptions fetched via gate-cli cex activity list from the Gate API.
      • Boundary markers: The skill uses strict Markdown table templates for output which limits the potential for control character injection.
      • Capability inventory: The skill is strictly read-only and does not possess write or execution capabilities that could be triggered by data ingestion.
      • Sanitization: Activity data is filtered for specific fields (master_one_line, url, type_name) before display.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 26, 2026, 03:51 PM