goldrush-x402

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @x402/core and @x402/evm Node.js packages to manage the x402 payment flow. These are vendor-specific libraries associated with the Covalent GoldRush ecosystem.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface by processing untrusted data from the blockchain.
      • Ingestion points: Transaction history, token metadata, and event logs retrieved from the x402.goldrush.dev proxy via the HTTPClient in SKILL.md.
      • Boundary markers: No specific delimiters or instructions are provided to the agent to treat the fetched blockchain data as untrusted content.
      • Capability inventory: The skill utilizes network GET requests to retrieve external data and present it to the agent context.
      • Sanitization: There is no evidence of sanitization or filtering of the retrieved blockchain data before it is processed by the AI agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 4, 2026, 07:39 PM