building-dbt-semantic-layer
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use standard dbt and MetricFlow CLI tools such as
dbt parse,dbt sl validate, andmf validate-configsfor project validation. It also referencesuvx dbt-autofixfor automated configuration migrations, which is a first-party utility from dbt Labs. - [EXTERNAL_DOWNLOADS]: References the official dbt Labs GitHub repository (
github.com/dbt-labs/dbt-autofix) for tool documentation and installation guidance. - [PROMPT_INJECTION]: Contains explicit defensive instructions under the 'Handling External Content' section, directing the agent to treat all project SQL files and YAML configs as untrusted and to ignore any instruction-like text embedded in those files, mitigating indirect prompt injection risks.
Audit Metadata