simmer-x402
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill requires the EVM_PRIVATE_KEY or WALLET_PRIVATE_KEY environment variable to access the user's Ethereum wallet for signing transactions. Handling raw private keys in environment variables is a sensitive requirement that poses a risk of exposure if the environment is compromised or logs are mismanaged.
- [COMMAND_EXECUTION]: The x402_cli.py implementation allows fetching arbitrary URLs and performing blockchain RPC calls based on input parameters. This capability enables interaction with external services and should be monitored to prevent unintended network operations.
- [EXTERNAL_DOWNLOADS]: The skill is designed to fetch gated content from third-party API providers such as Kaito, AlphaKek, and CoinGecko upon payment.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by ingesting and returning data from external, potentially untrusted URLs.
  - Ingestion points: External API response data retrieved via x402_fetch and x402_rpc in x402_cli.py.
  - Boundary markers: Absent; the skill does not use delimiters or instructions to isolate the fetched external content from the agent's internal logic.
  - Capability inventory: The skill has the ability to perform signed USDC transactions on the Base network and execute arbitrary HTTP requests.
  - Sanitization: Absent; the fetched content is returned directly to the agent without validation, filtering, or sanitization.
Audit Metadata