dbml
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to invoke command-line interface (CLI) tools such as dbml2sql, sql2dbml, and db2dbml to perform schema conversions. These tools are the standard utilities for the DBML ecosystem.
- [EXTERNAL_DOWNLOADS]: The skill's documentation guides the user to install the @dbml/cli package using npm. These packages are part of the well-known DBML ecosystem maintained by Holistics and are considered safe sources.
- [COMMAND_EXECUTION]: Indirect Prompt Injection Surface: The skill facilitates the ingestion of external data via SQL and DBML files as ingestion points. While the skill relies on the @dbml parser for validation, it does not explicitly implement boundary markers to isolate data from potential instructions. The skill possesses the capability to execute CLI commands based on these inputs as part of its capability inventory. The sanitization process is handled by the external @dbml toolset.
Audit Metadata