databricks-app-apx

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill initializes projects by downloading and executing the APX framework tool directly from the vendor's GitHub repository (github.com/databricks-solutions/apx.git) using uvx.
  • [COMMAND_EXECUTION]: The development workflow involves executing several local command-line operations, including server management via mcp-cli, package installation via bun and uv, and local API endpoint verification using curl.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it translates user requirements into generated application code and system commands.
      • Ingestion points: User-provided descriptions for "Databricks apps" and functional requirements in Phase 2 and 3.
      • Boundary markers: None explicitly defined in the templates to separate user input from the framework's generation logic.
      • Capability inventory: The skill can execute shell commands (uvx, bun, curl) and interact with MCP servers (apx, shadcn) to manage the local development environment.
      • Sanitization: The generated backend utilizes Pydantic for data validation, though no specific sanitization is mentioned for the initial project scaffolding phase.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 27, 2026, 07:54 PM