gate-exchange-affiliate

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's setup.sh is intended to run at runtime and uses curl to fetch releases metadata from https://api.github.com/repos/gate/gate-cli/releases/latest and to download/install the binary from https://github.com/gate/gate-cli/releases/download/... which pulls and installs remote executable code the skill may run, creating a required runtime dependency that executes external code.