breeze-x402-payment-api

Warn

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, NO_CODE
Full Analysis
  • Data Exposure & Exfiltration (MEDIUM): The skill requires a WALLET_PRIVATE_KEY environment variable. In an LLM-driven environment, this is a high-risk pattern as an agent might be coerced via prompt injection to reveal the key or sign unauthorized transactions.
  • External Network Access (LOW): The skill communicates with https://x402.breeze.baby and Solana RPC nodes. These are non-whitelisted domains, making the agent dependent on the security and availability of external services.
  • Indirect Prompt Injection (LOW): The skill ingests data from external APIs to build transactions, which is a potential vector for indirect prompt injection. Ingestion points: Data returned from X402_API_URL. Boundary markers: None described in the documentation. Capability inventory: Signing and broadcasting Solana transactions. Sanitization: No sanitization or validation of the API-provided transaction data is mentioned.
  • No Executable Code (SAFE): This submission consists solely of a README file. The functional instructions reside in SKILL.md and the implementation logic in Node.js scripts, neither of which was provided for analysis.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 21, 2026, 04:10 AM