x402
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill architecture facilitates the processing of metadata from external resource servers which could be used to influence agent behavior.
- Ingestion points: Payment requirement data is ingested via PAYMENT-REQUIRED HTTP headers and MCP tool metadata (referenced in references/transports.md and references/python-sdk.md).
- Boundary markers: The protocol utilizes Base64-encoded JSON structures for data transmission as defined in the protocol specification.
- Capability inventory: The skill enables the agent to sign cryptographic authorizations and settle on-chain payments using private keys provided in the environment (referenced in references/core-concepts.md and references/typescript-sdk.md).
- Sanitization: The system relies on cryptographic signatures for authenticity but does not inherently sanitize semantic metadata like the resource description which could be used to deceive the agent into authorizing unintended payments.
Audit Metadata