x402-ecosystem

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill loads a third-party analytics script from plausible.io within the root layout. This is a well-known and trusted service for privacy-focused website analytics.
  • [DATA_EXFILTRATION]: An API route (/api/facilitators/route.ts) interacts with Upstash Redis and the Allium API to fetch transaction metrics. It uses environment variables for authentication tokens and API keys, which is a standard and secure practice for server-side operations. No hardcoded secrets or unauthorized data exfiltration patterns were detected.
  • [REMOTE_CODE_EXECUTION]: The ecosystem entries include install_command fields (e.g., npx skills add owner/repo). These are pointers for agents to install additional capabilities from GitHub. This is the intended functional behavior of the agent skills platform and does not constitute a vulnerability within this skill itself.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes project descriptions and metadata from locally stored JSON files. While these files are intended to be updated via community contributions (Pull Requests), the current content is informational and does not contain instructions that would override agent behavior.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 25, 2026, 02:12 AM