motherduck-build-data-pipeline
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security threats identified. The skill demonstrates best practices for handling sensitive credentials via environment variables and follows a clear, multi-stage data processing architecture.
- [COMMAND_EXECUTION]: The reference project includes an orchestration script (pipeline/run_all.py) that uses subprocess.run to execute dbt tasks and internal validation scripts. This is the intended behavior for the skill's purpose and uses secure coding practices (argument lists instead of shell strings).
- [EXTERNAL_DOWNLOADS]: The skill references standard, well-known software packages (dbt-duckdb, dlt, duckdb) and tools (uv, dbt). These are recognized as safe, industry-standard dependencies.
Audit Metadata