gate-info-riskcheck

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The included maintenance scripts (scripts/update-skill.sh and scripts/update-skill.ps1) fetch remote skill data and archives from URLs such as https://raw.githubusercontent.com/gate/gate-skills/master/skills and https://github.com/gate/gate-skills.git during check/apply operations to replace SKILL.md and other skill files, which would directly change the agent's prompts/instructions at runtime if applied.