using-dbt-for-analytics-engineering
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill specifically addresses indirect prompt injection risks associated with processing warehouse data and dbt package metadata. It instructs the agent to treat these inputs as untrusted and avoid executing any embedded commands. Evidence Chain:\n
- Ingestion points: dbt show results, warehouse queries, YAML documentation, and hub.getdbt.com API responses.\n
- Boundary markers: Explicit warnings in SKILL.md and references/managing-packages.md instruct the agent to ignore instructions embedded in data.\n
- Capability inventory: Access to dbt CLI (Bash), jq, and file system tools (Read, Write, Edit).\n
- Sanitization: Explicit guidance to extract structured data only and ignore instruction-like text.\n- [EXTERNAL_DOWNLOADS]: The skill facilitates dbt package management through the official hub.getdbt.com registry. It includes security notes requiring user confirmation and integrity verification before adding packages to the project.\n- [COMMAND_EXECUTION]: Use of Bash is restricted to the dbt CLI and the jq utility, which are standard tools required for analytics engineering tasks and consistent with the skill's purpose.
Audit Metadata