gate-exchange-flashswap-assistant

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to "Read gate-runtime-rules.md" via a publicly accessible GitHub URL (https://github.com/gate/gate-skills/...), which requires fetching and interpreting external, public repository content that could alter tool-calling rules and thus materially influence subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly defines and uses write-capable exchange APIs that perform value-moving operations: cex_fc_create_fc_order_v1, cex_fc_create_fc_multi_currency_one_to_many_order, cex_fc_create_fc_multi_currency_many_to_one_order, and cex_wallet_convert_small_balance. The atomic chains describe preview→create flows and require an API key with write permissions (Flash convert write, wallet convert). The documented workflows include creating flash-swap orders, batching creates, and converting wallet dust to GT — all explicit financial execution actions on a crypto exchange. This is not a generic toolset (browser automation or generic HTTP); it is specifically designed to execute trades/conversions and thus grants direct financial execution authority.