Skills
skills/gemini-cli-extensions/data-agent-kit-starter-pack/dbt-bigquery/Gen Agent Trust Hub

dbt-bigquery

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various command-line interface tools, including dbt, bq, and gcloud, to manage project initialization, inspect data schemas, preview table contents, and validate SQL code.
  • [EXTERNAL_DOWNLOADS]: Facilitates the installation of the official dbt-bigquery Python package via pip if the required adapter is missing from the environment.
  • [PROMPT_INJECTION]: The skill is subject to an indirect prompt injection surface (Category 8) because it reads and processes external files such as dbt models (.sql), configurations (.yml), and system logs.
  • Ingestion points: dbt_project.yml, profiles.yml, SQL files, BigQuery table previews, and Cloud Logging entries.
  • Boundary markers: No explicit delimiters are used to wrap external content.
  • Capability inventory: Access to dbt compile, bq commands for data preview/schema inspection, and gcloud for project configuration and log reading.
  • Sanitization: No explicit sanitization or filtering of external data is performed before the agent processes the content.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 10:17 PM