agentkit-x402

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The documentation references the use of @worldcoin/agentkit-cli via npx for wallet registration. This is an official utility provided by the vendor.
  • [COMMAND_EXECUTION]: The skill provides instructions for executing a CLI command (agentkit-cli register) to register a wallet address if it is not already recognized by the service.
  • [PROMPT_INJECTION]: Analysis of indirect injection surfaces:
      1. Ingestion points: Data is parsed from external HTTP 402 response extensions (SKILL.md).
      2. Boundary markers: None explicitly defined.
      3. Capability inventory: Uses network fetch and wallet signing tools.
      4. Sanitization: None mentioned.
    This behavior is the intended mechanism for the AgentKit authentication protocol.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 03:27 PM