The Agent Skills Directory

[EXTERNAL_DOWNLOADS] (HIGH): The skill uses npx to download and run the @zauthx402/cli package from the public npm registry at runtime. This package is not from a trusted source, creating a significant supply chain vulnerability.
[REMOTE_CODE_EXECUTION] (HIGH): The use of npx @zauthx402/cli@latest facilitates the execution of unverified remote code within the agent's execution environment.
[COMMAND_EXECUTION] (MEDIUM): The skill interpolates user-provided search queries directly into a bash command string (npx ... search <query>), which presents a potential command injection risk.
[PROMPT_INJECTION] (HIGH): The skill possesses a major indirect prompt injection surface. 1. Ingestion points: It fetches and displays title and description fields from the external zauth provider directory. 2. Boundary markers: No delimiters or instructions are used to isolate this untrusted external data from the agent's primary instructions. 3. Capability inventory: The skill has access to the Bash shell and is intended to trigger subsequent actions like payments via other skills. 4. Sanitization: There is no evidence of sanitization or filtering applied to the external API metadata before it is processed by the AI agent.

discover-x402-services