migrating-dbt-project-across-platforms
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user-controlled data such as SQL files and YAML configurations, which constitutes an indirect prompt injection surface. The instructions mitigate this risk by requiring the agent to treat all project content as untrusted and to ignore any commands embedded in comments or metadata.
- Ingestion points: SQL files, dbt_project.yml, profiles.yml, and metadata artifacts.
- Boundary markers: Explicit warnings are included to disregard instructions within data.
- Capability inventory: Uses dbtf/dbt CLI tools and performs local file system operations.
- Sanitization: Prohibits logging credentials and mandates strict extraction of structured fields.
- [EXTERNAL_DOWNLOADS]: The skill references official installation guides and repositories from dbt Labs (getdbt.com and github.com/dbt-labs). These references are documented as legitimate resources from the skill author.
Audit Metadata