dbt-migration

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The instructions in the README and SKILL.md documentation fetch and execute the Cortex Code CLI installation script from the official Snowflake domain (ai.snowflake.com).
  • [COMMAND_EXECUTION]: Multiple Python scripts in the scripts/ directory (e.g., migrate_references.py, fix_markdown_lint.py) utilize the subprocess module to execute local system commands including git, pre-commit, and prettier.
  • [PROMPT_INJECTION]: The skill's primary function involves ingesting and processing untrusted SQL source files, which creates an attack surface for indirect prompt injection; however, no boundary markers or sanitization logic are explicitly defined in the provided file content.
  • [EXTERNAL_DOWNLOADS]: The skill recommends the installation of the official snowflake-data-validation package from standard package registries to facilitate data verification tasks.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 09:49 PM