cosmos-dbt-fusion

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): In file SKILL.md, the installation instructions for the dbt Fusion binary include the command curl -fsSL https://public.cdn.getdbt.com/fs/install/install.sh | sh. This pattern is dangerous because the script is piped straight into sh without being written to disk, reviewed, or compared against a pinned checksum: whoever controls the hosting domain or the CDN serving it can run arbitrary commands with the invoking user's permissions, and a transfer that ends early leaves sh executing a truncated script. The source domain getdbt.com is not on the trusted whitelist.
  • EXTERNAL_DOWNLOADS (LOW): The skill requires installing astronomer-cosmos>=1.11.0 and references dbt-snowflake and dbt-databricks as required adapter packages.
  • PROMPT_INJECTION (LOW): The skill configures Airflow DAGs that take untrusted input from params or XCom (e.g., {{ params.my_department }} in reference/cosmos-config.md) and interpolate it into dbt variables. The rendered value reaches the dbt binary (a capability) with no validation, quoting, or boundary markers, so whoever supplies the param, not the DAG author, decides what dbt receives. This is an indirect prompt injection surface.
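The PROMPT_INJECTION finding above is easiest to see with the interpolation written out. The following is an added example, not code from the skill or from Cosmos: it models the dbt vars payload as JSON (a subset of the YAML that dbt --vars accepts), so it runs with the standard library only. The department allowlist pattern and the constructed XCom/param value are assumptions for the demonstration.

```python
import json
import re

# Allowlist for the department value: a short lowercase identifier.
# This pattern is an assumption for the example; tighten it to the
# values the real DAG is expected to receive.
DEPARTMENT_RE = re.compile(r"^[a-z][a-z0-9_]{0,63}$")


def is_safe_department(value: str) -> bool:
    """True only if the param matches the allowlist pattern."""
    return DEPARTMENT_RE.fullmatch(value) is not None


def build_vars_unsafe(department: str) -> str:
    """Mirror the risky pattern: render the param straight into the payload.

    This stands in for a Jinja expression such as {{ params.my_department }}
    being interpolated into a dbt --vars string with no escaping.
    """
    return '{"my_department": "%s"}' % department


def build_vars_safe(department: str) -> str:
    """Validate first, then let json.dumps handle quoting."""
    if not is_safe_department(department):
        raise ValueError(f"rejected untrusted department value: {department!r}")
    return json.dumps({"my_department": department})


def parse_vars(payload: str) -> dict:
    """Parse the payload the way the dbt CLI would read a JSON-shaped vars string."""
    return json.loads(payload)


if __name__ == "__main__":
    # Constructed XCom/param value: closes the string and adds a second variable.
    injected = 'sales", "target_schema": "prod'
    print(parse_vars(build_vars_unsafe(injected)))   # two keys, not one
    print(is_safe_department(injected))              # False
    print(parse_vars(build_vars_safe("sales")))      # {'my_department': 'sales'}
```

The unsafe builder lets a crafted value add or override any variable the project reads, which is why the finding talks about the absence of boundary markers; validating against an allowlist before rendering, and serialising with a real encoder rather than string formatting, closes both gaps regardless of which Cosmos option carries the vars to dbt.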
Recommendations
  • HIGH: Downloads and executes remote code from: https://public.cdn.getdbt.com/fs/install/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
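A reviewer acting on the recommendation above needs two things: a way to flag pipe-to-shell install lines in a skill file, and a way to run the installer only after it has been downloaded in full and matched against a pinned digest. The block below is an added example, not the audit tool's own detector or the skill's code. The SKILL.md text is a constructed sample containing the command quoted in the analysis, the regex and the trusted_domains allowlist are assumptions, and no expected digest for the real install.sh is asserted here.

```python
import hashlib
import hmac
import re
from urllib.parse import urlparse

# Matches "curl ... URL ... | sh" style one-liners on a single line.
# Process substitution such as bash <(curl ...) is NOT covered.
PIPE_TO_SHELL = re.compile(
    r"\b(?:curl|wget)\b[^|\n]*?(?P<url>https?://[^\s'\"]+)[^|\n]*"
    r"\|\s*(?:sudo\s+)?(?P<shell>sh|bash|zsh)\b"
)


def host_is_trusted(hostname, trusted_domains):
    """Exact or subdomain match against an allowlist of registrable domains."""
    hostname = (hostname or "").lower()
    return any(hostname == d or hostname.endswith("." + d) for d in trusted_domains)


def find_pipe_to_shell(markdown, trusted_domains=frozenset()):
    """Return one finding per pipe-to-shell command found in the markdown."""
    findings = []
    for lineno, line in enumerate(markdown.splitlines(), start=1):
        for m in PIPE_TO_SHELL.finditer(line):
            host = urlparse(m.group("url")).hostname
            findings.append({
                "line": lineno,
                "url": m.group("url"),
                "host": host,
                "shell": m.group("shell"),
                "trusted": host_is_trusted(host, trusted_domains),
            })
    return findings


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_installer(data: bytes, expected_sha256: str) -> bool:
    """Accept a fully downloaded script only if its digest matches the pin.

    The caller downloads to a file first (never to a pipe), passes the whole
    content here, and executes it only on True. compare_digest avoids a
    timing side channel on the comparison.
    """
    return hmac.compare_digest(sha256_hex(data), expected_sha256.lower())


# Constructed sample of a skill file; the curl line is the one quoted in the audit.
SAMPLE_SKILL_MD = """\
# cosmos-dbt-fusion (constructed sample)

Install the dbt Fusion binary:

    curl -fsSL https://public.cdn.getdbt.com/fs/install/install.sh | sh

Then install astronomer-cosmos>=1.11.0 with pip.
"""


if __name__ == "__main__":
    for f in find_pipe_to_shell(SAMPLE_SKILL_MD, trusted_domains={"example.org"}):
        print(f)
    # sha256 of the empty script is a known constant; a real pin would be published by the vendor.
    print(verify_installer(b"", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"))
```

Replacing the one-liner with download-to-file, verify_installer against a digest obtained out of band, and only then sh ./install.sh removes the three failure modes named in the finding: an attacker-controlled response, a truncated script, and the absence of any review step.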
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 18, 2026, 09:29 PM