gate-exchange-staking

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required runtime workflow calls external gate-cli commands (e.g., gate-cli cex earn staking find, ...assets, ...orders, ...awards) which fetch live data from Gate's public API (and the installer fetches releases from GitHub), and that untrusted third-party content is parsed and used to resolve pids, exchange rates, and decide/drive stake/redeem actions as part of the mandatory tool workflow, so third-party content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's setup.sh is intended to be run at runtime and uses curl to fetch and install a remote gate-cli binary (e.g. via https://api.github.com/repos/gate/gate-cli/releases/latest and https://github.com/gate/gate-cli/releases/download/${VERSION}/${ARCHIVE}), which downloads and executes remote code, making this a high-risk runtime external dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed for crypto financial operations. It defines authenticated, write-capable commands (gate-cli cex earn staking swap) to stake, redeem, and mint assets, requires API keys and Earn:Write permissions, and details the full transaction workflow (pid, side, amount, coin). Although it mandates user confirmation gates, it clearly provides direct on-chain/CE exchange execution (swap) functionality rather than a generic interface, so it grants direct financial execution authority.