celo-skill
Warn
Audited by Snyk on Apr 23, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to fetch and act on live, public third‑party sources (e.g., https://www.celopg.eco/programs for grants, https://beta.node.thegrid.id/graphql, https://mondo.celo.org/api/governance/proposals, https://forum.celo.org, DefiLlama APIs) as mandatory parts of its workflow, including using forum/CGP text and grant pages to drive decisions, which exposes it to untrusted/user-generated content that could carry indirect prompt-injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs adding the external skill package (npx skills add celo-org/agent-skills -g) which pulls the remote repo (e.g. https://github.com/celo-org/agent-skills) at runtime and those fetched SKILL.md files and scripts directly define agent prompts/behavior and can include executable scripts, so this is a runtime external dependency that controls agent instructions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed around crypto payments and on-chain financial actions. It includes payment-specific capabilities and APIs (MiniPay stablecoin payments, OdisPayments top-ups, MiniPay issuer address), DeFi execution primitives (Uniswap V3/V4 swap routing, Aave supply/borrow, Morpho permissionless markets), and agent-level transaction features (x402 micropayments, "AI agents that transact on Celo", "automated payments"). It also provides concrete fee-currency adapter addresses and guidance to build payment flows and MiniApp payment templates. These are specific financial execution tools for blockchain payments/swaps and automated transfers—not generic browsing or HTTP tooling—so it grants direct financial execution authority.