databricks-sql-autotuner

Fail

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The tune.py script dynamically loads and executes Python code from a local file named udf_setup.py if it exists in the project directory. This allows for arbitrary code execution within the agent's environment.
  • [EXTERNAL_DOWNLOADS]: The skill suggests installing the uv package manager using a remote script from astral.sh piped directly into the shell. While originating from a well-known service, this installation pattern is a common vector for remote code execution.
  • [COMMAND_EXECUTION]: Multiple scripts including discover.py, env_setup.py, and init_run.py use the subprocess module to execute system commands such as the Databricks CLI, Git, and Python.
  • [PROMPT_INJECTION]: The skill processes SQL queries from project files and executes them on Databricks. This presents an indirect prompt injection surface where malicious instructions could be embedded in data files.
    • Ingestion points: SQL query files or inline strings provided via the --query or @file arguments.
    • Boundary markers: Absent; the skill treats processed SQL as executable code.
    • Capability inventory: Shell command execution via subprocess.run and Spark SQL operations through the Databricks connection.
    • Sanitization: No explicit sanitization or validation of the SQL content is performed prior to its execution by the Spark engine.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 22, 2026, 12:54 PM