web-research
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The setup instructions require running
npx @x402scan/mcp install, which downloads and executes code from an unverified npm scope during the initial configuration. - DATA_EXFILTRATION (MEDIUM): The skill proxies all search and scraping requests through the intermediary domain
enrichx402.cominstead of using direct provider APIs (Exa/Firecrawl). This allows the service to intercept all research queries and the content of scraped websites. - COMMAND_EXECUTION (MEDIUM): The skill relies on shell commands for installation and requires interaction with a custom wallet system (
mcp__x402__get_wallet_info), increasing the attack surface. - PROMPT_INJECTION (LOW): The skill processes untrusted web content (via
x402.fetch) without explicit sanitization or boundary markers. 1. Ingestion point:x402.fetchresponses from the web; 2. Boundary markers: Absent; 3. Capability inventory:x402.fetch(network access), wallet management; 4. Sanitization: Absent.
Audit Metadata