people-property
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, DATA_EXFILTRATION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The file `rules/getting-started.md` instructs users to execute `npx @x402scan/mcp install`. This command downloads and runs code from the `@x402scan/mcp` package on the npm registry. As the `@x402scan` organization is not a trusted source, this represents an unverifiable dependency installation that executes at runtime.
- DATA_EXFILTRATION (LOW): The skill is designed to transmit search queries to `enrichx402.com` and retrieve sensitive PII, including names, phone numbers, and home addresses. While this is the skill's primary purpose, the transmission of data to an untrusted external domain carries inherent privacy risks.
- INDIRECT_PROMPT_INJECTION (LOW): The skill ingests data from external API responses without clear sanitization, creating an attack surface for indirect prompt injection.
  - Ingestion points: Response data from `x402.fetch` calls to `enrichx402.com`.
  - Boundary markers: None identified in the skill instructions.
  - Capability inventory: Wallet management (`x402.get_wallet_info`), network access (`x402.fetch`), and integration with other enrichment skills.
  - Sanitization: No evidence of input validation or response sanitization.
Audit Metadata