building-dbt-semantic-layer
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill consists of instructional documentation for dbt configuration. No malicious code, obfuscation, or unauthorized behaviors were detected.
- [COMMAND_EXECUTION]: The skill mentions official CLI tools including `dbt`, `mf` (MetricFlow), and `dbt-autofix`. These are used for project validation and automated updates as part of standard development workflows.
- [DATA_EXFILTRATION]: The skill accesses project SQL and YAML files to define business metrics. This is restricted to intended project paths and does not involve external data transfer.
- [PROMPT_INJECTION]: The skill features a 'Handling External Content' section that provides defensive instructions. It mandates that the agent ignore instructions found in SQL comments or YAML metadata, which is a key security measure against indirect prompt injection from processed data. Analysis of the attack surface (Category 8): (1) Ingestion points: Project SQL files and YAML configs; (2) Boundary markers: Present in the 'Handling External Content' section; (3) Capability inventory: CLI tools for parsing and validation; (4) Sanitization: Explicit instruction to ignore embedded instruction-like text.
Audit Metadata