x402
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The
scaffold-endpointandscaffold-ai-endpointcommands perform filesystem write operations to generate and save new project source code to user-specified directories. - [EXTERNAL_DOWNLOADS]: The
execute-endpointandprobe-endpointsubcommands allow for making network requests to any user-provided HTTPS URL, which may lead to interactions with untrusted external services. - [CREDENTIALS_UNSAFE]: The
send-inbox-messagesubcommand retrieves the wallet's private key to sign and serialize sBTC transactions for message delivery. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through external data ingestion.
- Ingestion points: JSON responses from arbitrary external API endpoints accessed via the
execute-endpointcommand. - Boundary markers: None identified; API responses are printed and potentially processed without delimiters.
- Capability inventory: Filesystem writes (scaffolding), network requests (fetch), and transaction signing (wallet interaction).
- Sanitization: None; data from external sources is parsed and returned without validation or escaping.
Audit Metadata