dune
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to execute 'dune' CLI commands for querying and managing blockchain data. It supports arbitrary SQL execution through the 'query run-sql' command and provides guidance on performing various administrative tasks such as creating dashboards and visualizations.
- [EXTERNAL_DOWNLOADS]: The skill documentation mentions that the Dune CLI is auto-installed on first use. This installation process targets vendor-provided infrastructure to set up the necessary environment for the skill's functionality.
- [DATA_EXFILTRATION]: The skill manages Dune API keys (DUNE_API_KEY) and accesses local configuration files (~/.config/dune/config.yaml). Security instructions are explicitly included to warn the agent against outputting these keys in responses and to redact them if they appear in command outputs.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it ingests untrusted data from blockchain records via SQL queries.
  - Ingestion points: Data enters the agent's context through 'dune query run' and 'dune execution results' outputs.
  - Boundary markers: The skill strongly recommends using '-o json' for all commands, providing a structural boundary (JSON keys/values) that helps separate data from instructions.
  - Capability inventory: The skill utilizes 'Bash' tools, including 'dune' and 'curl', for data retrieval and resource management.
  - Sanitization: No specific content filtering for query results is described, but the use of structured output and explicit user confirmation for write operations mitigates the risk of automated exploitation.