documenting-dbt-models
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (LOW): The skill executes common shell utilities including
find,cat, andgrep, along with thedbtCLI. These commands are used to read local project files and generate documentation previews. The usage is appropriate for the skill's context and lacks indicators of malicious intent or unauthorized access. - EXTERNAL_DOWNLOADS (INFO): An automated scanner flagged 'orders.id' as a malicious URL. This is a false positive resulting from the tool misinterpreting a dbt column reference (
table_name.column_name) as a web domain. No actual network requests to this string are performed. - INDIRECT_PROMPT_INJECTION (LOW): The skill's workflow involves reading external content from
.sqlfiles andschema.ymlfiles which may be attacker-controlled in a shared environment. While this presents an ingestion surface for indirect prompt injection, the risk is low as the output is limited to documentation generation and does not feed into high-privilege execution sinks. - Ingestion points: Project source files (
.sql,.yml) read viacatandgrepin Steps 1, 2, and 3. - Boundary markers: None used; the agent reads raw file content.
- Capability inventory: Local file reading (
cat), searching (find,grep), and dbt documentation generation (dbt docs generate). - Sanitization: None; the skill assumes the project files are trusted source code.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata