celopedia-skill
Warn
Audited by Snyk on Apr 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The SKILL.md and live-data-sources.md explicitly instruct the agent to fetch and interpret live, public third‑party content (e.g., https://www.celopg.eco/programs, The Grid GraphQL at https://beta.node.thegrid.id/graphql, DefiLlama api.llama.fi, mondo.celo.org and forum.celo.org) as part of workflows like grant matchmaking and governance decisions, so untrusted/user‑generated content could materially influence the agent's actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's live-data-sources explicitly instructs the agent to fetch raw CGP markdown from GitHub (e.g. https://raw.githubusercontent.com/celo-org/governance/main/CGPs/cgp-0232.md) at runtime and to inject/read that content to answer governance questions. This meets the criteria of a runtime-fetched external resource that is required and is injected into the agent context (thus directly affecting prompts/outputs).
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed for blockchain financial operations. It contains multiple specific crypto/payment capabilities (not just generic API/click helpers): swap routing (Uniswap V3/V4), Aave supply/borrow/flash loans, Mento minting/burning (stablecoin mint/burn flows), MiniPay stablecoin payments and top-ups (ODIS / OdisPayments / MiniPay issuer address), x402 HTTP-native micropayments, guidance for building AI agents that "transact on Celo" (agent trust protocol, MCP server, automated payments), fee-currency adapter addresses and fee-abstraction details, and direct references to on-chain RPCs and contract interactions. These are concrete, finance-specific primitives (wallet/payment flows, micropayments, token mint/burn, swaps, lending) that enable sending transactions and moving funds on-chain. Therefore this skill grants Direct Financial Execution capability.
Issues (3)
- W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
- W012 MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
- W009 MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).