dune
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements sound security practices for secret management. It instructs the agent to avoid passing API keys via command-line flags, recommending environment variables or the
~/.config/dune/config.yamlfile instead. It also provides instructions to redact sensitive tokens from any output presented to the user. - [SAFE]: All external references and documentation links point to official Dune Analytics domains (dune.com, docs.dune.com), which are consistent with the skill's stated authorship and purpose.
- [SAFE]: The skill processes external blockchain data, which constitutes an indirect prompt injection surface. However, this is necessary for its function as a data-retrieval tool and does not indicate malicious intent.
- Ingestion points: Query results retrieved from Dune via
dune query run,dune query run-sql, anddune execution resultsin the query-execution.md reference file. - Boundary markers: No explicit markers are used to delimit data from instructions in the prompt.
- Capability inventory: The skill has access to the
Bashtool to executeduneandcurlcommands as defined in the SKILL.md frontmatter. - Sanitization: The skill does not specify sanitization or filtering of query results before processing.
Audit Metadata