gate-info-tokenonchain
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Maintenance scripts (update-skill.sh and update-skill.ps1) are included to download updates from the vendor's official GitHub repository at github.com/gate/gate-skills.
- [COMMAND_EXECUTION]: The skill uses maintenance scripts to execute shell commands, including git clone, tar, and unzip, to synchronize local skill files with the remote repository.
- [DATA_EXFILTRATION]: The skill manages blockchain data ingestion from the Gate-Info MCP server. Evidence chain: (1) Ingestion point: blockchain data via info_onchain_get_token_onchain. (2) Boundary markers: structured report templates in SKILL.md. (3) Capability inventory: maintenance scripts executing shell commands. (4) Sanitization: safety rules requiring the shortening of wallet addresses to protect privacy.
- [PROMPT_INJECTION]: The skill contains instructions that define clear capability boundaries, such as explicitly informing the user that Smart Money analysis is currently unsupported to prevent hallucinations.
Audit Metadata