x402-payments
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it fetches data from external API endpoints and passes it to the agent context. 1. Ingestion points: Results from fetchWithPayment and axios calls in the agentic patterns reference file. 2. Boundary markers: No markers or explicit instructions are provided to the agent to ignore embedded instructions in the retrieved data. 3. Capability inventory: The agent has the ability to sign cryptographic transactions and execute tool-based network requests. 4. Sanitization: External API responses are directly stringified and returned to the agent without any validation or sanitization of potential instruction content.
- [EXTERNAL_DOWNLOADS]: Interacts with facilitator services at https://x402.org/facilitator and https://api.cdp.coinbase.com. These endpoints are documented as official infrastructure for the protocol.
- [COMMAND_EXECUTION]: Provides instructions for dependency management using npm and server execution using the node runtime environment.
Audit Metadata