gate-exchange-alpha
Warn
Audited by Snyk on Apr 26, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and interprets data from Gate Alpha's external APIs via gate-cli (e.g., gate-cli cex alpha market currencies, market tokens, market tickers, order quote, account balances, order list/get, account book), and those runtime responses (quotes, token status, balances, tickers) are parsed and used to decide quoting/placing orders and next actions, so untrusted third-party content can materially influence tool use.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The included setup.sh is invoked at runtime to install the required gate-cli and downloads release binaries from GitHub (e.g. https://api.github.com/repos/gate/gate-cli/releases/latest and https://github.com/gate/gate-cli/releases/download/${VERSION}/${ARCHIVE}), which fetches and installs remote executable code that the skill relies on.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). This skill is explicitly designed for crypto trading on the "Gate Alpha" platform. It defines authenticated, write-capable commands (notably gate-cli cex alpha order place and gate-cli cex alpha order quote) and modules for Trading (Buy) and Trading (Sell). It requires API key/secret credentials, specifies write permissions (Alpha:Write), and enforces quote->confirm->place order flow and order management. These are concrete, purpose-built capabilities to execute financial transactions (place market orders), not generic tooling — therefore it grants direct financial execution authority.
Issues (3)
W011 MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012 MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).
W009 MEDIUM Direct money access capability detected (payment gateways, crypto, banking).