The Agent Skills Directory

[PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill is designed to parse and respond to PAYMENT-REQUIRED headers from external servers. A malicious server could return a crafted header specifying a high price or an attacker-controlled recipient address.
Ingestion points: The PAYMENT-REQUIRED header is ingested and parsed into a PaymentRequirements object (documented in references/protocol-spec.md).
Boundary markers: The data is structured as Base64-encoded JSON.
Capability inventory: The skill uses high-privilege environment variables (EVM_PRIVATE_KEY, SOLANA_PRIVATE_KEY) to sign and authorize financial transactions.
Sanitization: While the SDK handles protocol-level parsing, the business logic of 'should I pay this amount?' depends on the implementation of lifecycle hooks like onBeforePayment. The documentation provides a mitigation pattern (AgentWallet in references/agentic-patterns.md) which should be considered mandatory for autonomous agents.
[DATA_EXFILTRATION] (LOW): Credential Handling Patterns. The skill documentation and examples encourage the use of raw private keys in environment variables and include snippets that print generated keys to the console (console.log in references/deployment.md). If an agent executes these snippets in a shared environment or one with persistent logging, it could lead to the exposure of sensitive financial credentials.

x402-payments