gate-dex-mcpdapp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly requires ingesting and parsing arbitrary DApp/user-provided content (EIP-712 messages, user-supplied ABI/calldata, raw_tx and "Extract signing request from user input") in Flow B, Flow C, and Flow E, which are untrusted third-party inputs that the agent reads and uses to decide/sign/broadcast transactions, enabling indirect prompt-injection risk.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly exposes crypto wallet and transaction operations: it defines and invokes wallet.sign_transaction and tx.send_raw_transaction (signing raw transactions and broadcasting them on-chain) and supports ERC20 approve authorization, message signing (EIP-712/personal_sign), building calldata for contract calls (mint, swap, add liquidity, stake, etc.), balance/gas checks, and full flows to sign-and-send transactions. These are specific blockchain financial execution capabilities (wallet transaction signing, broadcasting, and token approval), so it grants direct financial execution authority despite requiring user confirmation gates.