dune-to-allium
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts `allium_query.py`, `dune_query.py`, and `compare_results.py` via `uv run` to perform data retrieval and validation tasks.
- [EXTERNAL_DOWNLOADS]: The skill communicates with the official API endpoints `api.allium.so` and `api.dune.com`. These are recognized as well-known service providers necessary for the skill's primary functionality.
- [DATA_EXFILTRATION]: The scripts read Allium and Dune API keys from `~/.allium/credentials` and `.env` files. These credentials are used appropriately to authenticate requests to the respective official services.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8) due to its handling of untrusted SQL queries which are subsequently executed.
  - Ingestion points: User-provided SQL text and query IDs processed in the workflow defined in `SKILL.md`.
  - Boundary markers: Absent; the instructions do not include specific delimiters or warnings to ignore instructions embedded within the SQL data.
  - Capability inventory: The skill can execute arbitrary SQL on the Allium Explorer API through the `allium_query.py` script.
  - Sanitization: Absent; while the skill performs structural SQL transformations, it does not explicitly sanitize the input for potential instruction injection.
Audit Metadata