gate-dex-wallet

Warn

Audited by Snyk on May 8, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly implements HTTP 402 “x402” flows that call arbitrary external URLs (see SKILL.md “Pay for HTTP 402 resources” and references/x402.md, which require calling dex_tx_x402_fetch / dex_tx_x402_checkin_preview). The agent therefore fetches and ingests untrusted third‑party web content as part of its mandatory runtime workflow. That content can change subsequent tool calls (pay/retry/sign), which enables indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a crypto wallet/payment skill. It describes concrete on-chain financial operations: sending tokens (e.g., "send USDT", "Transfer, send tokens"), withdrawing on-chain to Gate Exchange (deposit address flow), paying HTTP 402 resources via x402, and signing transactions/messages via explicit tools (dex_wallet_sign_transaction, dex_tx_x402_fetch, dex_tx_transfer_preview, etc.). Those are specific crypto/payment APIs and signing/transfer flows (not generic automation), so it grants direct financial execution authority.

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 8, 2026, 07:18 AM
Issues: 2