coordination-games

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill ingests and acts on untrusted, user-generated content: SKILL.md and the game rules explicitly show chat and lobby messages delivered in coga state (example "messages": [...]), the coga tool chat / lobby listings (coga lobbies) and OATHBREAKER's public pledge proposals are meant to be read and used by the agent to decide moves and tool calls, so third‑party input can materially change behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires installing and running the external npm package "coordination-games" (via "npm install -g coordination-games@latest" and "npx -y coordination-games@latest serve --stdio"), which fetches and executes remote code from the npm registry (e.g. https://registry.npmjs.org/coordination-games) and is required to expose MCP tools that directly control the agent's runtime instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill includes explicit crypto payment and wallet functionality. It instructs the agent to initialize a private key (coga init), exposes the agent address for deposits (coga fund), shows balance (coga balance), and has commands that perform on-chain actions: registering a name requires 5 USDC and coga register <name> --yes which "signs a permit" and the server "relays the on-chain transaction". It also describes automatic on-chain settlement of winnings and a withdraw command (coga withdraw <amount> --execute). These are specific blockchain/wallet signing and transaction operations (crypto on-chain transfers), which constitute Direct Financial Execution authority.