release-dbt-mcp

Warn

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (gh) to perform administrative actions, specifically using the --admin flag to squash-merge pull requests. This allows the agent to bypass repository branch protection rules and standard validation requirements.
  • [PROMPT_INJECTION]: The instructions include a directive to "bypass CI," which explicitly commands the agent to disregard automated safety filters and testing protocols. While intended for specific automated pull requests, this represents an override of standard security constraints.
  • [EXTERNAL_DOWNLOADS]: The skill accesses the official PyPI JSON API (pypi.org) to verify that the release is live. PyPI is recognized as a well-known and trusted service.
  • [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface by ingesting untrusted data from GitHub workflow statuses and PR metadata, which is then used to trigger command execution and open URLs.
    • Ingestion points: External status data from GitHub workflows and pull requests (SKILL.md).
    • Boundary markers: None present to delimit external data from the agent's instructions.
    • Capability inventory: GitHub CLI operations (gh pr merge) and web browser interaction (open).
    • Sanitization: No evidence of validation or escaping for the external data before it is processed.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 12, 2026, 06:13 AM