gate-info-coinanalysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required Execution Workflow (Step 2 and Step 3 in SKILL.md) explicitly calls news_feed_search_news and news_feed_get_social_sentiment to fetch public news and social-media content and then passes those third‑party results to the LLM for aggregation, so untrusted user-generated/open web content is ingested and can influence agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The bundled update scripts explicitly fetch remote SKILL.md and archives at runtime from https://raw.githubusercontent.com/gate/gate-skills/master/skills (and may git clone https://github.com/gate/gate-skills.git), which can overwrite the local SKILL.md and thus directly change the skill’s instructions/prompts used by the agent during execution.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly instructs the agent to run local update scripts (check/apply/revoke-pending), recommends running them with "full/all permissions" in sandboxes and uses PowerShell's "ExecutionPolicy Bypass", which directs the agent to bypass platform security controls and execute code that can modify local files and state.