migrating-dbt-core-to-fusion

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly instructs the agent to search and fetch public GitHub issues (e.g., "site:github.com/dbt-labs/dbt-fusion/issues <error_code> ") and to "link the GitHub issue if one exists", which pulls untrusted, user-generated content from the open web and can materially influence classification and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires running dbt-autofix via the command "uvx --from git+https://github.com/dbt-labs/dbt-autofix.git dbt-autofix deprecations", which fetches and executes code from that GitHub repository at runtime and is presented as a required first step.