gate-exchange-kyc

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill’s setup.sh is invoked at runtime to fetch and install the required gate-cli binary (it queries https://api.github.com/repos/gate/gate-cli/releases/latest and downloads from https://github.com/gate/gate-cli/releases/download/${VERSION}/${ARCHIVE}), which pulls and executes remote code that the skill depends on, so this is a high-confidence runtime code-execution dependency.