using-dbt-index
Fail
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill contains instructions to install the `dbt-index` tool by downloading a shell script from the vendor's official domain (https://public.cdn.getdbt.com/fs/install/install-index.sh) and piping it directly to the shell (`sh`).
- [COMMAND_EXECUTION]: The tool enables the execution of arbitrary SQL queries against local DuckDB indexes and remote data warehouses via the `metadata run` and `warehouse run` subcommands. It also includes system management commands such as `system update` and `system uninstall`.
- [EXTERNAL_DOWNLOADS]: The skill downloads an installation script from the vendor's CDN and performs synchronization with dbt platform environments via the `cloud-sync` command.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it processes dbt project artifacts.
  - Ingestion points: JSON artifacts (`manifest.json`, `catalog.json`, etc.) in the `target/` directory.
  - Boundary markers: Explicit instructions are provided to treat tool output as untrusted and to avoid executing instructions found in metadata.
  - Capability inventory: The skill can execute shell commands (`dbt-index`), SQL queries, and network operations.
  - Sanitization: The skill relies on instruction-based boundaries rather than programmatic sanitization of metadata content.
Recommendations
- HIGH: Downloads and executes remote code from: https://public.cdn.getdbt.com/fs/install/install-index.sh - DO NOT USE without thorough review
Audit Metadata