The Agent Skills Directory

[INDIRECT_PROMPT_INJECTION] (HIGH): The skill exhibits a high-severity attack surface due to the combination of untrusted data ingestion and execution capabilities. Ingestion points: Workflow steps 1, 3, and 5 in SKILL.md ingest data from error logs and local SQL files. Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands. Capability inventory: Steps 1, 2, 7, 8, and 10 use dbt build, dbt show, and dbt test, which execute SQL/Jinja and query databases. Sanitization: Absent; external content is processed directly. An attacker who can influence dbt error messages or repository files could execute arbitrary code or exfiltrate data through the agent's actions.
[COMMAND_EXECUTION] (MEDIUM): The skill relies on executing various dbt commands and shell utilities (cat, grep). While these are functional requirements, they provide a powerful set of tools that could be abused if the agent is compromised via indirect prompt injection.

debugging-dbt-errors