Skills
skills/altimateai/data-engineering-skills/migrating-sql-to-dbt/Gen Agent Trust Hub

migrating-sql-to-dbt

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection vulnerability (Category 8). The skill is designed to ingest untrusted external data ('legacy SQL' files) using the 'cat' command and then use that data to generate dbt models and project configurations.
  • Ingestion points: The workflow explicitly calls for reading external files via cat <legacy_sql_file> (SKILL.md).
  • Boundary markers: There are no instructions for the agent to use delimiters or to ignore embedded instructions within the SQL files it reads.
  • Capability inventory: The skill possesses the capability to write to the local filesystem (creating models and YAML files) and execute shell commands (dbt build, dbt show, grep, find) which interact with a database environment.
  • Sanitization: No sanitization or validation logic is defined for the content extracted from the legacy SQL files before it is interpolated into new models or project files.
  • [COMMAND_EXECUTION] (MEDIUM): The skill makes extensive use of the dbt CLI to compile and execute SQL transformations. While this is the intended functionality of a dbt migration tool, the execution of commands like dbt build on code generated from untrusted input increases the risk of malicious database operations.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 06:49 AM