gate-dex-trade

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly instructs the agent to read and map mcp_token (and other checkin tokens/AK/SK in OpenAPI mode) into Authorization headers and tool-call arguments (e.g., Bearer ), which requires including secret values verbatim in requests/tool calls and thus creates exfiltration risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires the agent to "read and strictly follow" external runtime rules hosted at https://github.com/gate/gate-skills/blob/master/skills/gate-runtime-rules.md (and progressively load other referenced GitHub files), and those fetched documents contain the AskQuestion templates, SOP steps, and runtime instructions that directly control the agent's prompts and flow at runtime.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to execute on-chain token swaps: it builds, signs, and submits blockchain transactions and orchestrates wallet/MCP signing flows (e.g., dex_tx_swap_prepare, dex_tx_swap_checkin_preview, dex_tx_swap_sign_approve, dex_tx_swap_sign_swap, Gate GV tx_checkin). It covers buy/sell/convert/bridge operations and explicit signing/submission steps — i.e., crypto/blockchain transaction execution. This matches the "Crypto/Blockchain (Wallets, Swaps, Signing)" category of Direct Financial Execution.