news-shopping

Warn

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the installation of a third-party MCP tool via npx @x402scan/mcp install. This command downloads and executes code from the npm registry.
      • Evidence: Found in rules/getting-started.md under the Setup section.
      • Context: The package @x402scan/mcp is not from a trusted organization or repository listed in the security guidelines.
  • COMMAND_EXECUTION (MEDIUM): The installation instructions include a shell command that modifies the agent's client configuration (--client claude-code).
  • DYNAMIC_EXECUTION (MEDIUM): The skill relies on x402.discover_api_endpoints to retrieve executable API paths from a remote server (https://enrichx402.com) at runtime.
      • Evidence: SKILL.md instructs the agent: 'All paths follow the pattern... Use exact URLs... or call x402.discover_api_endpoints first.'
      • Risk: This allows the remote server to dynamically change the endpoints the agent interacts with, potentially leading to unauthorized data transmission or modified behavior if the discovery endpoint is compromised.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill processes untrusted data from news and shopping results.
      • Ingestion points: Data returned by x402.fetch from serper/news and serper/shopping (titles, snippets, product descriptions).
      • Boundary markers: Absent. The skill does not provide instructions to wrap or isolate external content.
      • Capability inventory: The agent has the ability to perform further network requests via x402.fetch and discover new endpoints.
      • Sanitization: Absent. No evidence of escaping or validating the content of the news articles or product listings before processing.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 20, 2026, 12:19 AM