dbt-local
Fail
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to read and modify ~/.dbt/profiles.yml, which is a known sensitive path containing database credentials, API tokens, and connection strings.
- [COMMAND_EXECUTION]: The skill directs the agent to execute shell commands like dbt, bq, and databricks with arguments constructed from dynamic user-provided strings such as issue numbers and model names.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface.
  - Ingestion points: Data enters the agent context through user-provided model names, issue IDs, and raw SQL queries.
  - Boundary markers: The skill lacks delimiters to separate user data from command templates.
  - Capability inventory: The agent can execute CLI tools and database queries.
  - Sanitization: There is no evidence of input validation or escaping for the user-provided parameters used in command strings.
Recommendations
- AI detected serious security threats
Audit Metadata