dbt-migration-snowflake
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill defines a workflow for processing untrusted external data (Snowflake DDL) and generating executable code (dbt models) without adequate security boundaries.
- Ingestion points: The skill explicitly requests Snowflake DDL input from the user in the 'Input Requirements' section of SKILL.md.
- Boundary markers: Absent. There are no instructions to use delimiters (e.g., XML tags or triple backticks) to isolate the untrusted DDL from the agent's instructions.
- Capability inventory: While the skill itself is 'no-code,' the output is SQL and YAML code designed for production databases. This creates an attack surface where an attacker can inject instructions into DDL comments to modify the logic of the generated dbt models.
- Sanitization: Absent. The conversion guidelines do not instruct the agent to ignore or strip natural language comments found within the input SQL.
- [No Code Detected] (INFO): The skill contains only Markdown instructions and does not include any Python, Node.js, or shell scripts, which limits the risk of direct remote code execution or file system access from the skill itself.
Audit Metadata