allium
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the allium-tools CLI binary from the official juxt/allium-tools GitHub repository.
  - Evidence: references/installation.md specifies installation via mise using the github: backend.
- [COMMAND_EXECUTION]: Executes the allium-tools binary with project-specific file paths as arguments.
  - Evidence: references/agent-loop-integration.md and references/distilling-legacy-code.md describe executing allium weed and /allium:distill commands.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing external .allium specifications and source code to generate tests and verify behavior.
  - Ingestion points: .allium specification files and module source code (SKILL.md, references/distilling-legacy-code.md).
  - Boundary markers: No explicit boundary markers or instructions to disregard embedded content in ingested files are defined.
  - Capability inventory: The skill can execute shell commands through the allium-tools binary and generate executable unit tests (references/agent-loop-integration.md).
  - Sanitization: No evidence of validation or sanitization of specification content before processing or interpolation into prompts is present.
Audit Metadata