data-enrichment
Warn
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The installation instructions in rules/getting-started.md require the user to run npx @x402scan/mcp install. This dependency is from a non-trusted npm scope, making it an unverifiable third-party package.
- REMOTE_CODE_EXECUTION (MEDIUM): The use of npx to install the @x402scan/mcp package involves downloading and executing code from an external registry at runtime. Without a verified source or organization, this command could lead to arbitrary code execution on the user's system.
- DATA_EXFILTRATION (LOW): The skill is designed to send user identifiers (such as emails, names, and LinkedIn URLs) to enrichx402.com for processing. While this is the intended purpose of the skill, the domain is not on the whitelist of trusted sources, and users should be aware of the data shared with this third party.
- PROMPT_INJECTION (LOW): The skill processes untrusted data fetched from external APIs, creating a surface for indirect prompt injection (Category 8c).
  - Ingestion points: API response data retrieved from enrichx402.com via the x402.fetch tool.
  - Boundary markers: None identified; the instructions direct the agent to "Parse and present results" without specifying safety delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill utilizes network access tools (x402.fetch) and API discovery tools (x402.discover_api_endpoints).
  - Sanitization: No sanitization, validation, or escaping of the external API content is mentioned in the provided files.
- COMMAND_EXECUTION (MEDIUM): The skill requires the execution of shell commands (npx) to set up the environment, which is a potential vector for system compromise if the package is malicious.
Audit Metadata