developing-incremental-models
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill is designed to ingest external metadata (schema, table, and column names) to generate and execute dbt commands.
  - Ingestion points: Database schema names, table names, and column identifiers used in `{{ source(...) }}` and `{{ unique_key_column }}` placeholders.
  - Boundary markers: None present. The skill relies on standard dbt Jinja templating which does not provide isolation between data and command logic in this context.
  - Capability inventory: The skill executes `dbt show --inline`, `dbt build`, and SQL queries via the dbt CLI. This provides both data read and write (merge/insert) capabilities.
  - Sanitization: No sanitization or validation of the input table or column names is performed before they are interpolated into the shell command `dbt show --inline "..."`.
- [COMMAND_EXECUTION] (LOW): The skill explicitly uses the terminal to run `dbt` CLI commands. While this is the intended functionality for a dbt-focused skill, it represents a standard risk of local command execution.
Recommendations
- AI detected serious security threats
Audit Metadata