The Agent Skills Directory

Data Exposure & Credentials (HIGH): The skill explicitly instructs the agent to read and modify ~/.dbt/profiles.yml in section 3.1. This file is a standard location for sensitive database credentials, including hostnames, usernames, passwords, and access tokens.
Evidence: Access to ~/.dbt/profiles.yml is mandated for configuration and connection verification (dbt debug).
Indirect Prompt Injection (HIGH): The skill is designed to process external 'Issue work' and execute SQL commands based on those inputs.
Ingestion Points: Issue descriptions and numbers used to create targets and modify dbt models.
Boundary Markers: None detected in the instructions; external content is directly interpolated into commands.
Capability Inventory: High-impact capabilities including dbt run, dbt test, and dbt show --inline, which can execute arbitrary SQL against a database.
Sanitization: No sanitization or validation of the SQL strings or issue-based parameters is provided.
Command Execution (MEDIUM): The skill relies on the execution of multiple shell commands (dbt, bq, databricks) and encourages the agent to generate and run SQL from target/compiled/ directories, which could be manipulated if an attacker can influence the model files.

dbt