x402
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The
scaffold-endpointandscaffold-ai-endpointcommands generate project files on the local file system. While the project name is validated using a regex, the output directory is determined by the--output-dirargument, allowing the tool to write files to specified locations on the disk. - [DATA_EXFILTRATION]: The
execute-endpointandprobe-endpointcommands allow sending request data, headers, and parameters to any HTTPS URL provided via the--urlargument. This capability can be used to transmit data to external endpoints beyond the default protocol services. - [EXTERNAL_DOWNLOADS]: The skill performs network requests to interact with various x402 protocol endpoints (e.g.,
x402.biwas.xyz,x402.aibtc.com,stx402.com) and the OpenRouter API. These operations are core to the skill's functionality for API execution and model discovery. - [INDIRECT_PROMPT_INJECTION]: The skill processes and displays data received from remote API endpoints. If an agent treats the content of these responses as authoritative instructions, it could be vulnerable to indirect prompt injection.
- Ingestion points: Remote API response data from
execute-endpointandprobe-endpointis printed to the console and consumed by the agent. - Boundary markers: There are no explicit markers or instructions in the skill to treat the returned API data as untrusted content.
- Capability inventory: The skill can perform network requests, file system writes (scaffolding), and blockchain transactions via an active wallet.
- Sanitization: The skill prints the JSON responses from APIs without filtering or sanitizing the content for potential instructions.
Audit Metadata