databricks-jobs

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes job metadata (names, descriptions) and task values from the Databricks workspace which could contain malicious instructions.
      • Ingestion points: Job names and descriptions are fetched via w.jobs.list() and w.jobs.get() in SKILL.md and task-types.md.
      • Boundary markers: The skill instructions do not include delimiters or specific guidance to ignore natural language instructions embedded in retrieved metadata.
      • Capability inventory: The skill has the ability to create, trigger, and delete jobs (w.jobs.delete, databricks bundle destroy), which could be abused if the agent is manipulated.
      • Sanitization: No sanitization is performed on strings retrieved from the Databricks environment.
  • [COMMAND_EXECUTION]: A documentation example in examples.md for a notebook (process_region.py) demonstrates building SQL queries using string interpolation (f-strings) with widget parameters, which is a classic SQL injection pattern.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 24, 2026, 03:43 PM