databricks-asset-bundles
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes standard databricks bundle CLI commands to validate, deploy, and manage resources within a Databricks workspace. This is the intended primary functionality of the tool and is used following established best practices.
- [EXTERNAL_DOWNLOADS]: The documentation includes links to official Databricks and vendor-specific (databricks-solutions) GitHub repositories for reference examples. These are recognized as trusted and well-known sources.
- [PROMPT_INJECTION]: Evaluated the surface for indirect prompt injection (Category 8). The skill processes user-defined configuration files (YAML) and source code (Python, JSON) to provision cloud infrastructure. While this constitutes an attack surface if local files are sourced from untrusted parties, the skill provides legitimate templates for standard development workflows.
- Ingestion points: File access to databricks.yml, resources/*.yml, and src/ directory contents.
- Boundary markers: No specific delimiters or warnings for embedded instructions in the configuration templates.
- Capability inventory: Includes deployment, execution, and destruction of cloud resources via the Databricks CLI.
- Sanitization: Relies on the Databricks CLI's built-in schema validation and the platform's role-based access control (RBAC) system.
Audit Metadata