gate-pay-x402
Warn
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to generate and execute shell commands via `node -e`, `node -p`, or `python -c` in the integrated terminal. This is used to display sensitive wallet information (private keys, seeds) to the user while avoiding the chat log. Additionally, the skill directs the agent to write temporary files to the local project directory when terminal access is limited.
- [PROMPT_INJECTION]: The skill establishes a workflow that ingests data from external, potentially untrusted sources—specifically merchant discovery catalogs and 402 payment challenges. This data is then used to populate parameters for signing and payment tools, creating an indirect prompt injection surface.
  - Ingestion points: Resource descriptions from the `discoveryResource` tool (remote catalog) and merchant responses in `x402_place_order` or `x402_request` (SKILL.md).
  - Boundary markers: The instructions do not specify the use of delimiters or warnings to ignore instructions embedded within the merchant's metadata or response headers.
  - Capability inventory: The agent can perform network requests, execute shell commands, and perform file system operations.
  - Sanitization: Validation is primarily based on tool `inputSchema` definitions, but there is no explicit sanitization for instructions that might be contained within the data being passed from one tool to another.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation and execution of the `gatepay-local-mcp` package via `npx`. This package is a vendor resource provided by the author 'gate'. The documentation also references an external endpoint (`dev.halftrust.xyz`) as an example for merchant discovery.
- [DATA_EXFILTRATION]: The skill outlines a procedure for handling highly sensitive data, such as private keys and seeds, by moving them through terminal outputs or temporary local files. While intended to improve security relative to the chat interface, this handling of raw secrets introduces risks of exposure in the local environment.
Audit Metadata