gate-exchange-transfer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly directs running ./setup.sh which downloads release metadata and binaries from the public GitHub API (https://api.github.com/repos/gate/gate-cli/releases/latest) and its runtime rules (references/gate-cli.md §2.1) require running and parsing the external gate-cli --help output before invoking commands, so the agent consumes and acts on public third‑party content that can materially change execution behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's setup.sh performs runtime downloads and installs of the gate-cli binary from GitHub (it queries https://api.github.com/repos/gate/gate-cli/releases/latest and then downloads from URLs like https://github.com/gate/gate-cli/releases/download/${VERSION}/${ARCHIVE}), meaning the skill fetches and installs remote executable code that is required for operation.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to move funds: it implements Gate Exchange internal transfers (POST /wallet/transfers) via the concrete command gate-cli cex wallet transfer create. It requires API keys/secrets and Wallet:Write permission and details exact params (from, to, currency, amount, settle, currency_pair), confirmation flow, balance pre-checks, and success/error handling. This is a specific crypto exchange transfer capability (not a generic tool), so it grants direct financial execution authority.