allium-x402
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection by ingesting untrusted data from remote sources into the agent context.
  - Ingestion points: Data retrieved from the documentation browse endpoint (/api/v1/docs/docs/browse) and SQL query results from the Explorer API (/api/v1/explorer/query-runs/{run_id}/results).
  - Boundary markers: None identified in the prompt templates.
  - Capability inventory: Performs external network requests via httpx and executes blockchain transaction signing via the privy-client library.
  - Sanitization: No explicit content filtering or validation of retrieved data before processing.
- [EXTERNAL_DOWNLOADS]: Fetches skill definitions and documentation content from the vendor's infrastructure at agents.allium.so.
- [COMMAND_EXECUTION]: Utilizes pip to manage package dependencies (pyjwt, privy-client, httpx) and executes inline Python code via shell heredocs for wallet setup and testing.
- [CREDENTIALS_UNSAFE]: Reads and writes sensitive Privy application credentials and wallet identifiers to a local configuration file (~/.config/allium/credentials).