gate-exchange-alpha

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly calls public, unauthenticated market/data endpoints (see SKILL.md Domain Knowledge: "All market data endpoints (currencies, tickers, tokens) are public") and the required workflows in references/token-discovery.md, references/market-viewing.md, and references/account-holdings.md instruct the agent to fetch and interpret that third-party token/ticker data (via cex_alpha_list_alpha_currencies, cex_alpha_list_alpha_tokens, cex_alpha_list_alpha_tickers), which can materially influence decisions such as which tokens are considered tradable and portfolio valuation.