Skills
skills/aeon-project/aicard/x402-card/Gen Agent Trust Hub

x402-card

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the x402-card CLI for all operations, including the generation of local cryptographic keys and signing of EIP-712 transactions. Local wallet keys are stored in ~/.x402-card/config.json with recommended 600 permissions.\n- [EXTERNAL_DOWNLOADS]: The skill installs the @aeon-ai-pay/x402-card package from the npm registry. This package is a vendor resource provided by the skill author ('AEON-Project').\n- [PROMPT_INJECTION]: The skill processes data from a remote card service, creating a surface for indirect prompt injection.\n
  • Ingestion points: External data enters the context via the create and status command responses. (File: SKILL.md)\n
  • Boundary markers: The instructions mandate strict output templates for presenting card details, providing structural separation.\n
  • Capability inventory: The agent can execute shell commands via the x402-card CLI to perform financial transactions.\n
  • Sanitization: The skill relies on the CLI to parse and validate JSON responses from the payment server before display.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 27, 2026, 10:22 AM