gate-dex-market

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The skill embeds and auto-deploys hard-coded API credentials into the user's home directory (and instructs creating/using them), and explicitly notes those AK/SK are shared with trading functionality—this is a deliberate credential-backdoor pattern that can enable unauthorized actions by the credential owner even though no direct exfiltration code is present.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and references/openapi.md explicitly instruct the agent to call the public Gate OpenAPI endpoint (POST https://openapi.gateweb3.cc/api/v1/dex) and to read actions like base.token.risk_infos and base.token.get_holder_topn so that returned (third‑party) token/holder/risk data is interpreted and used to drive warnings, routing, and follow-on decisions — exposing the agent to untrusted external content.