celo-copilot

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL explicitly instructs the agent to fetch and use live, public third‑party content (e.g., The Grid GraphQL at https://beta.node.thegrid.id/graphql, DefiLlama api.llama.fi, the Celo forum Discourse API at forum.celo.org, and celopg.eco program pages) as part of its required research workflow, meaning untrusted/user-generated content will be read/interpreted and can materially influence decisions and subsequent tool actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly targets on-chain financial actions and integrations: it provides MiniPay stablecoin payment flows (including OdisPayments top-ups and a trusted MiniPay issuer address), swap routing (Uniswap V3/V4), DeFi protocol operations (Aave supply/borrow, flash loans), x402 HTTP-native micropayments, and functionality for building AI agents that "transact on Celo" (automated payments, FX arbitrage, prediction markets). These are specific crypto/blockchain payment and transaction capabilities (wallets/payments/swaps/micropayments) rather than generic tooling, so it grants direct financial execution authority.