Intent declaration has no destination/counterparty-risk field

[0rkz]

ATSP's ATSPIntentDeclaration hashes (agentId + action + amount + tokenMint + timestamp) and validates intent/slippage + the IPI scan → ALLOW/BLOCK/ESCALATE. That covers why the agent acts and that it committed — but there's no field for destination/counterparty-address risk: a well-formed, slippage-clean intent can still send to a known-bad recipient.

Disclosure: I build PayPerByte (BYTE Library). I run a signed per-call address-reputation oracle (ALLOW/WARN/BLOCK on a recipient) that could feed an ATSP middleware verdict as the destination-risk input. Honest chain note: it's EVM/Base today and ATSP targets Solana (tokenMint, Squads V4) — so this is a spec/standards-alignment note, not a drop-in yet.

The shape, no signup (returns a 402 challenge):

curl -i -X POST https://x402.payperbyte.io/feeds/address-reputation \
  -H 'content-type: application/json' \
  -d '{"domain":"payee-gateway-checkout-7x9q.example","address":"0xRecipient","amount":1000000,"chain":"base"}'

A paid 200 is a signed verdict (EIP-712; verify recipe in /.well-known/agent.json; domain anchored on Arbitrum 421614). Worth a destinationRisk field in the declaration spec?