databricks-genie

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The execute_sql tool runs arbitrary SQL directly against a Databricks SQL Warehouse. That is the skill's purpose, but it is also its largest attack surface: any destructive or unauthorized statement the agent is induced to submit runs with the full privileges of the credentials the skill uses.
  • [PROMPT_INJECTION]: The skill is exposed to both direct and indirect prompt injection through the ask_genie tool. Natural-language questions are turned into SQL, so a crafted question (direct) or malicious instructions embedded in the data or metadata of the Databricks tables the agent reads (indirect) can steer the generated SQL toward unintended actions.
  • Ingestion points: user-controlled strings in the question parameter of ask_genie, and in display_name, description and sample_questions of create_or_update_genie.
  • Boundary markers: None explicitly defined in the prompt templates shown in the documentation.
  • Capability inventory: Includes execute_sql, create_or_update_genie, and delete_genie across the skill's toolset.
  • Sanitization: No specific sanitization or validation logic for the input strings is described in the provided files.
  • [SAFE]: All external references and related skills (e.g., databricks-unity-catalog, databricks-agent-bricks) are consistent with the author's identified vendor context ('databricks-solutions') and represent standard Databricks ecosystem integration.
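Because the analysis finds no sanitization of input strings and no boundary markers, the only place a deployer can enforce anything is between the generated SQL and execute_sql. The gate below is an added example, not code from the databricks-genie skill or from Databricks: it fails closed, admitting only single read-only or metadata statements and refusing anything that mutates data, schema or permissions, however the SQL was induced. The statement classes, the sample statements and the execute callable standing in for execute_sql are assumptions.

```python
import re
from typing import Callable, Tuple

# Added example (not part of the databricks-genie skill): a fail-closed gate placed in
# front of execute_sql so that Genie-generated SQL can only read. The keyword sets, the
# sample statements and the execute callable standing in for execute_sql are assumptions.

# Read-only and metadata statements the gate lets through.
READ_ONLY_FIRST_KEYWORDS = {"SELECT", "WITH", "SHOW", "DESCRIBE", "DESC", "EXPLAIN"}

# Keywords that change data, schema or permissions. A match anywhere rejects the
# statement, so a CTE that ends in DELETE or an EXPLAIN over a DROP is refused too.
# Plain identifiers that collide with these words are rejected as well (fail closed);
# backtick-quoted identifiers are blanked before the scan and therefore pass.
MUTATING_KEYWORDS = {
    "INSERT", "UPDATE", "DELETE", "MERGE", "DROP", "ALTER", "CREATE", "TRUNCATE",
    "GRANT", "REVOKE", "COPY", "OPTIMIZE", "VACUUM", "MSCK", "USE",
}

# One pass, leftmost match wins: string literals, quoted identifiers and comments are
# blanked so a keyword inside 'DROP TABLE' or after -- cannot trip the scan and, the
# other way round, a comment marker inside a literal cannot hide a real statement.
_LITERALS_AND_COMMENTS = re.compile(
    r"'(?:[^'\\]|\\.|'')*'"      # 'single-quoted', with '' and \' escapes
    r"|\"(?:[^\"\\]|\\.)*\""     # "double-quoted"
    r"|`[^`]*`"                  # `backtick identifier` (Spark/Databricks style)
    r"|--[^\n]*"                 # -- line comment
    r"|/\*.*?\*/",               # /* block comment */
    re.S,
)
_WORD = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def check_read_only(sql: str) -> Tuple[bool, str]:
    """Return (allowed, reason). Anything the gate cannot fully account for is rejected."""
    stripped = _LITERALS_AND_COMMENTS.sub(" ", sql)
    # A leftover quote or comment opener means an unterminated literal or comment.
    if re.search(r"['\"`]|/\*", stripped):
        return False, "unterminated string literal or comment"
    statements = [s for s in stripped.split(";") if s.strip()]
    if len(statements) != 1:
        return False, "expected exactly one statement, got %d" % len(statements)
    tokens = [t.upper() for t in _WORD.findall(statements[0])]
    if not tokens:
        return False, "empty statement"
    if tokens[0] not in READ_ONLY_FIRST_KEYWORDS:
        return False, "statement type %s is not read-only" % tokens[0]
    hit = MUTATING_KEYWORDS.intersection(tokens)
    if hit:
        return False, "mutating keyword(s) present: %s" % ", ".join(sorted(hit))
    return True, "read-only"


def guarded_execute_sql(sql: str, execute: Callable[[str], object]) -> object:
    """Run sql through execute (assumed to be the skill's execute_sql) only if it passes the gate."""
    allowed, reason = check_read_only(sql)
    if not allowed:
        raise PermissionError("refused to run SQL: " + reason)
    return execute(sql)


# Constructed statements of the kind Genie might emit; not taken from a real workspace.
SAMPLES = [
    "SELECT region, SUM(revenue) FROM sales.q1 GROUP BY region",
    "SELECT * FROM sales.q1 WHERE note = 'DROP TABLE sales.q1' -- DELETE in a comment",
    "SELECT 1; DROP TABLE sales.q1",
    "WITH t AS (SELECT 1) DELETE FROM sales.q1",
    "DROP TABLE sales.q1 /* requested by the user */",
    "EXPLAIN DELETE FROM sales.q1",
    "SELECT * FROM sales.q1 WHERE note = 'unterminated",
]

if __name__ == "__main__":
    for s in SAMPLES:
        allowed, reason = check_read_only(s)
        print("%-6s %-50s %s" % ("ALLOW" if allowed else "REJECT", s[:50], reason))
```

The gate is deliberately coarse: it does not try to understand the query, it only decides whether the statement belongs to a class that can be allowed to reach the warehouse. Pair it with a warehouse principal that holds read-only grants so that a statement slipping past the gate still cannot write, and keep create_or_update_genie and delete_genie behind a separate, human-confirmed path since they are not SQL and the gate does not cover them.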
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 11:05 PM