dbt-test-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to process untrusted data (user queries and project files) using powerful tools without explicit boundary markers or sanitization logic.
- Ingestion points: The skill triggers on user requests regarding 'dbt test creator' and utilizes 'Read' and 'Grep' tools to ingest project data.
- Boundary markers: Absent. There are no instructions to help the agent distinguish between instructional data and commands within processed files.
- Capability inventory: The skill has permission to use 'Bash', 'Write', and 'Edit' tools, which could be abused if the agent is misled by malicious data.
- Sanitization: Absent. No sanitization or escaping is defined to prevent untrusted content from influencing the generated code or bash commands.
- Command Execution (SAFE): While 'Bash' is an allowed tool in the metadata, the skill body itself does not contain any suspicious or hardcoded command executions.
Audit Metadata