Skills
skills/dbt-labs/dbt-agent-skills/using-dbt-index/Gen Agent Trust Hub

using-dbt-index

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill includes an instruction to install the dbt-index tool using a command that pipes a remote script to the shell: curl -fsSL https://public.cdn.getdbt.com/fs/install/install-index.sh | sh. The download originates from the official domain of the well-known vendor dbt-labs, who also authored the skill.
  • [PROMPT_INJECTION]: The skill processes dbt project artifacts like manifest.json and catalog.json which can contain untrusted data. This creates a surface for indirect prompt injection. To mitigate this, the skill provides specific instructions to the agent to treat all output as untrusted and ignore any instructions embedded in metadata.
  • Ingestion points: Artifact files in the target/ directory.
  • Boundary markers: Present; instructions explicitly tell the agent to ignore instructions in data.
  • Capability inventory: Execution of dbt-index commands via Bash.
  • Sanitization: Instructions define strict extraction of structured fields and schema verification before querying.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 26, 2026, 12:02 AM