dbt-commands
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute a variety of dbt CLI commands such as `dbt run`, `dbt build`, `dbt debug`, and `dbt docs serve`. These commands perform system-level operations and can initiate local network services.
- [EXTERNAL_DOWNLOADS]: The skill includes the `dbt deps` command, which is used to download and install external dbt packages from remote repositories like GitHub as defined in the project configuration.
- [DATA_EXFILTRATION]: In the troubleshooting section, the skill suggests executing `echo $DBT_ENV_SECRET_SNOWFLAKE_PAT`. This command can result in the exposure of sensitive database credentials by printing them directly to the agent's output console or logs.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through the processing of external data generated during dbt execution.
- Ingestion points: The agent is instructed to read content from `logs/dbt.log` and compiled SQL files located in `target/compiled/`.
- Boundary markers: No specific delimiters or instructions are provided to the agent to treat the content of these files as untrusted data or to ignore instructions embedded within them.
- Capability inventory: The skill possesses the capability to execute shell commands and modify the file system through the dbt CLI.
- Sanitization: There is no mechanism described for sanitizing or validating the contents of logs or compiled SQL artifacts before they are processed by the agent.
Audit Metadata