x402-creation
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFE
Full Analysis
- Data Exposure & Exfiltration (MEDIUM): The
provision_apitool returns a sensitivemanagement_token(gx4_mgmt_...) to the agent's context. This token provides full administrative control over the API gateway and earnings. Because the token resides in the agent's memory/history, it is susceptible to exfiltration via prompt injection. - Data Exposure & Exfiltration (LOW): The skill involves financial operations (USDC withdrawals) and handles private keys for signing. While the code attempts to perform signing locally using the
viemlibrary, the overall pattern of managing high-value financial parameters within an agent's reasoning loop introduces risk of loss through unintended protocol interactions if the agent is misled. - SAFE (INFO): The skill utilizes legitimate, well-known dependencies (
viem,zod) and communicates with a specified production domain (api.gatex402.dev). No evidence of code obfuscation, persistence mechanisms, or unauthorized remote code execution was found.
Audit Metadata