databricks-lakebase-autoscale
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The
connection-patterns.mdfile contains a utility functionresolve_hostnamethat executes thedigcommand usingsubprocess.run. While it uses a list of arguments to mitigate shell injection, it invokes an external system binary with input derived from resource properties. - [PROMPT_INJECTION]: The skill facilitates data ingestion from external Unity Catalog tables into a PostgreSQL database via Reverse ETL, creating an indirect prompt injection surface.
- Ingestion points: Data is pulled from source tables specified by the
source_table_full_nameparameter inreverse-etl.md. - Boundary markers: No specific boundary markers or instructions to ignore embedded instructions are implemented in the synchronization logic.
- Capability inventory: The skill possesses extensive capabilities, including creating/deleting infrastructure via
databricks-sdk, generating authentication tokens, and executing SQL queries viapsycopg. - Sanitization: No explicit sanitization or validation of the synced data content is demonstrated before it reaches the operational database.
Audit Metadata