The Agent Skills Directory

[SAFE]: The skill uses official dbt Labs domains (docs.getdbt.com, getdbt.com) and repositories for updates and documentation, which are well-known and trusted sources.
[PROMPT_INJECTION]: The skill includes explicit security guardrails across multiple files (e.g., in using-dbt-for-analytics-engineering/SKILL.md and troubleshooting-dbt-job-errors/SKILL.md) that instruct the agent to ignore any commands or instructions embedded in external data, SQL comments, or logs. This effectively mitigates indirect prompt injection risks.
[EXTERNAL_DOWNLOADS]: The skill downloads documentation and package metadata from official dbt registries. It also utilizes the dbt-mcp package via uvx, which is a standard and safe deployment method for this vendor's tools.
[COMMAND_EXECUTION]: The skill facilitates the execution of dbt CLI commands (run, build, test, compile) which are necessary for its stated purpose of analytics engineering. It also includes instructions for analyzing local project artifacts safely.
[CREDENTIALS_UNSAFE]: Analysis confirmed no hardcoded API keys or secrets are present. The documentation correctly guides users to use environment variables and .env files for secure credential management.

dbt