cryptorefills-x402
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill interacts exclusively with the vendor's official API endpoints at cryptorefills.com and solana.x402.cryptorefills.com for catalog exploration and order processing.
- [SAFE]: Payment authorization is handled through industry-standard cryptographic signing (EIP-712/EIP-3009 for Base and v0 VersionedTransactions for Solana), allowing the agent to authorize transfers using its own wallet without exposing private keys or requiring native gas.
- [SAFE]: The instructions incorporate critical security safeguards, mandating that agents set per-session spending limits, verify transaction amounts against budget constraints, and confirm recipient details before signing any payload.
- [SAFE]: The skill documentation includes comprehensive troubleshooting and validation patterns to ensure the agent correctly handles blockchain-specific requirements like blockhash freshness and instruction ordering.
- [SAFE]: The agent ingests external data from the product catalog, which presents a theoretical indirect injection surface, but the skill instructs the agent to treat this data as structured information to be verified rather than as executable instructions.