pay-for-http-request
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- Credential Handling Considerations: The skill describes the use of `--private-key` and `--password` flags, as well as environment variables like `PURL_PASSWORD`. While these are functional requirements for the `purl` tool's wallet management, passing sensitive credentials directly via command-line arguments or environment variables is a pattern to review, as they may be visible in process lists or shell history.
- Financial Transaction Surface: The skill enables the agent to perform financial transactions (x402 payments) automatically. While the documentation highlights safety features like `--max-amount` and `--confirm`, there is an inherent risk if the agent processes untrusted URLs that trigger unintended payments.
- Command Execution: The skill relies on executing the `purl` CLI tool to perform its primary functions. This involves subprocess calls with user-provided arguments such as URLs, headers, and data payloads.
- Indirect Prompt Injection Surface:
  - Ingestion points: The skill accepts external input via the `<URL>` argument and data payloads (`--data`, `--json`).
  - Boundary markers: There are no explicit boundary markers or delimiters mentioned to separate untrusted URL content from the agent's internal instructions.
  - Capability inventory: The `purl` tool has the capability to perform network operations and execute financial transactions on EVM and Solana networks.
  - Sanitization: The skill provides safety parameters such as `--max-amount` to limit financial exposure and `--confirm` to require human-in-the-loop validation before a transaction is finalized.