Skills
skills/dbt-labs/dbt-agent-skills/fetching-dbt-docs/Gen Agent Trust Hub

fetching-dbt-docs

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches documentation indices and pages from the official dbt documentation domain (docs.getdbt.com).
  • [COMMAND_EXECUTION]: Executes a local bash script (scripts/search-dbt-docs.sh) to search the cached documentation index. The script follows best practices such as safe variable handling and cross-platform compatibility.
  • [PROMPT_INJECTION]: The skill processes external documentation content, which presents a surface for indirect prompt injection.
  • Ingestion points: Documentation index at llms-full.txt and individual markdown documentation pages fetched via URL.
  • Boundary markers: Absent; fetched documentation is processed directly by the agent without delimiters.
  • Capability inventory: The skill utilizes a shell script for searching and the WebFetch tool for retrieving page content.
  • Sanitization: Documentation content is not sanitized or filtered for embedded instructions before being processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 25, 2026, 04:37 PM