Skills
skills/dbt-labs/dbt-agent-skills/migrating-dbt-core-to-fusion/Gen Agent Trust Hub

migrating-dbt-core-to-fusion

Warn

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is instructed to read and execute a command from a file named repro_command.txt in the project root to reproduce errors. This allows for arbitrary command execution if the file is maliciously crafted within a project repository.
  • [DATA_EXFILTRATION]: The skill accesses the profiles.yml file, which typically contains sensitive database connection strings and credentials, during the environment validation and triage steps.
  • [EXTERNAL_DOWNLOADS]: Fetches the dbt-autofix tool from the official dbt Labs GitHub repository.
  • [REMOTE_CODE_EXECUTION]: Executes the dbt-autofix utility directly from its source repository using the uvx tool.
  • [PROMPT_INJECTION]: The skill processes untrusted user-provided content including SQL files, YAML configurations, and error logs.
  • Ingestion points: Reads project files (SQL, YAML) and tool output (error logs, dbt output).
  • Boundary markers: The instructions explicitly direct the agent to treat file content as untrusted and ignore embedded instructions.
  • Capability inventory: The skill has access to shell execution, file modification, and reading tools.
  • Sanitization: Includes specific guidance to extract only structured data and ignore instructional text within files.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 23, 2026, 07:41 PM