standards

Fail

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: HIGH
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill uses authoritative language and claims of future deployment dates (e.g., January 2026) to override an agent's internal knowledge base. The phrase "You almost certainly don't have this in training data" is a deceptive pattern intended to force the model to accept unverified protocols as fact.
  • [EXTERNAL_DOWNLOADS]: The documentation references multiple software packages (e.g., x402, @x402/express) and repositories that are not established or recognized in the Ethereum ecosystem. Installing these from public registries creates a risk of dependency confusion or the execution of malicious payloads.
  • [COMMAND_EXECUTION]: The skill provides implementation examples that require installing and executing unverified external code in environments that manage financial transactions.
  • [DATA_EXFILTRATION]: The proposed "x402" protocol sends transaction signatures to external "facilitator" servers, which could be exploited to intercept sensitive cryptographic data or transaction metadata.
  • [CREDENTIALS_UNSAFE]: Code snippets demonstrate passing raw private keys to unverified third-party libraries (x402Fetch), posing a direct risk of credential theft or exposure.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 13, 2026, 11:37 PM