agent-bricks
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill exposes a significant indirect prompt injection attack surface through its data ingestion and configuration tools.
- Ingestion points: Tools like create_or_update_ka ingest documents and JSON files directly from Databricks Volumes (volume_path).
- Boundary markers: No instructions or delimiters are provided to the agent to treat content from the volumes as untrusted, increasing the risk of obedience to embedded instructions.
- Capability inventory: The skill possesses powerful write capabilities via create_or_update_ka and create_or_update_mas, which define the core logic and routing for production AI agents.
- Sanitization: There is no evidence of sanitization or filtering for the content retrieved from external volumes before it is applied to the agents.
Recommendations
- AI detected serious security threats
Audit Metadata