dagster-expert
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists entirely of documentation and reference material (Markdown files) for the Dagster framework.
- [COMMAND_EXECUTION]: The documentation instructs the agent on using the `dg` CLI for tasks like project scaffolding (dg scaffold), definition checking (dg check), and asset launching (dg launch). These are standard development operations within the intended scope of the tool.
- [EXTERNAL_DOWNLOADS]: Mentions installing official Dagster packages (e.g., `dagster-dg-cli`, `dagster-dbt`, `dagster-cloud`) and database adapters via `uv`. These are trusted dependencies from the primary vendor (dagster-io) or well-known software registries.
- [CREDENTIALS_UNSAFE]: Documentation describes managing environment variables in `.env` files and using `dg plus login` for authentication. It correctly identifies `.env` files as sensitive and recommends excluding them from version control using .gitignore.
- [PROMPT_INJECTION]: The skill uses instructional constraints such as 'CRITICAL: Always Read Reference Files Before Answering' and 'NEVER answer from memory'. These are intended to ensure the accuracy of the agent's responses based on the provided technical documentation and do not constitute malicious behavior or safety guideline bypasses. The documentation also details patterns for ingesting external data (e.g., via APIs), which represents a surface for indirect prompt injection, but this is handled via standard framework capabilities and documented neutrally.
Audit Metadata