x402-agentic-creation
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (SAFE): The skill treats data from the GateX402 API as untrusted and implements recommended mitigations.
- Ingestion points: Data is fetched from
api.gatex402.devinsrc/tools/earnings.tsandsrc/tools/withdraw.ts. - Boundary markers: Responses are wrapped in
<!-- GATEX402_API_RESPONSE -->delimiters to ensure the agent context can distinguish tool results from instructions. - Capability inventory: The skill uses
viemfor cryptographic signing and performs HTTPS requests to its primary backend. - Sanitization: Tool scripts (e.g.,
earnings.ts) manually map API response fields to a strictly typed schema, ensuring only expected data is returned to the agent. - [Data Exposure & Exfiltration] (SAFE): Sensitive credentials are kept out of the agent's reach using best practices.
- Credential Isolation: The
createToolsfactory uses a closure-based approach (getWalletPrivateKey,storeManagementToken) so that raw secrets never appear in the agent's prompt history or tool parameters. - Domain Restriction: Communication is programmatically restricted to the protocol's official backend (
api.gatex402.dev), which is necessary for the skill's primary function. - [Unverifiable Dependencies & Remote Code Execution] (SAFE): Dependencies are restricted to reputable, versioned libraries (
viem,zod,dotenv) used for secure blockchain operations and data validation. No dynamic or remote code execution was detected.
Audit Metadata