teach-algorand-x402

Fail

Audited by Gen Agent Trust Hub on Feb 12, 2026

Risk Level: HIGH
Tags: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis

================================================================================

🔴 VERDICT: HIGH

This skill presents a HIGH security risk due to its direct handling of sensitive private keys, reliance on unverified external dependencies, and network communication with non-whitelisted domains. The core functionality involves cryptographic operations with user-provided private keys and execution of external code, which are critical attack vectors if compromised.

Total Findings: 4

🔴 HIGH Findings: • Sensitive Private Key Handling & External Network Communication

  • SKILL.md:104, references/EXAMPLES.md:100, references/REFERENCE.md:100: The skill explicitly instructs users to provide AVM_PRIVATE_KEY as a Base64-encoded 64-byte key via environment variables. Code examples in references/EXAMPLES.md (lines 100-107, 130-137, 160-167) demonstrate using this private key to derive an address and sign Algorand transactions. This is a direct handling of highly sensitive credentials. Furthermore, the skill's examples and documentation indicate network communication with https://facilitator.goplausible.xyz and https://testnet-api.algonode.cloud. These domains are not on the trusted whitelist. The combination of handling a private key and making network requests to non-whitelisted domains creates a significant data exfiltration risk if any part of the skill's dependencies or the external services are compromised.

🟡 MEDIUM Findings: • Unverifiable External Dependencies

  • SKILL.md:118, references/EXAMPLES.md:200, references/REFERENCE.md:100: The skill instructs users to install numerous external packages via npm install and pip install (e.g., @x402-avm/core, x402-avm, algosdk). These packages are not from the list of trusted GitHub organizations or specific trusted repositories. The skill does not provide the source code for these dependencies, meaning their contents and behavior cannot be fully audited. This introduces a supply chain risk, as malicious code could be introduced through these unverified dependencies.

🔵 LOW Findings: • Command Execution via Package Installation

  • SKILL.md:118, references/EXAMPLES.md:200, references/REFERENCE.md:100: The skill explicitly provides npm install and pip install commands. While necessary for setting up the described functionality, these commands execute external code from unverified sources. This is a form of command execution that could be exploited if the packages themselves contain malicious post-install scripts or other executable code.

ℹ️ TRUSTED SOURCE References: • GitHub References

  • SKILL.md:158, references/REFERENCE.md:200: The skill references several GitHub repositories (e.g., github.com/GoPlausible/x402-avm, github.com/coinbase/x402, github.com/ChainAgnostic/CAIPs, github.com/algorand/js-algorand-sdk). While these are well-known projects, their respective organizations (GoPlausible, coinbase, ChainAgnostic, algorand, TxnLab) are not explicitly listed in the provided 'Trusted GitHub Organizations'. Therefore, these references do not qualify for a severity downgrade based on the trusted source rule, but are noted as informational.

================================================================================

Recommendations
  • AI detected serious security threats

Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 12, 2026, 10:41 PM