local-search
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUM
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs the user to install an external package using npx @x402scan/mcp. This source is not part of the trusted organizations or repositories list, making it an unverifiable dependency.
- COMMAND_EXECUTION (MEDIUM): The setup process involves running shell commands (npx, mcp__x402__redeem_invite) that execute external code on the host machine.
- DATA_EXFILTRATION (LOW): The skill communicates with enrichx402.com, which is not on the whitelist of approved domains. It also directs users to a URL that incorporates their wallet address (https://x402scan.com/mcp/deposit/<their-wallet-address>), potentially exposing financial metadata.
- INDIRECT PROMPT INJECTION (LOW): The skill processes external data from a third-party API (Google Maps data via x402).
  - Ingestion points: Data enters the context via x402.fetch responses in SKILL.md.
  - Boundary markers: None identified; the agent is not explicitly told to ignore instructions embedded in the API responses.
  - Capability inventory: The skill has the capability to execute network fetches and interact with a local wallet/MCP tool.
  - Sanitization: No sanitization logic for the API response content is documented.
Audit Metadata