gate-exchange-coupon

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). setup.sh is invoked as an installation step at runtime and uses curl to fetch and install remote binaries from GitHub releases (e.g. https://github.com/gate/gate-cli/releases/download/${VERSION}/${ARCHIVE}), which downloads and executes external code the skill depends on.