databricks-metric-views
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by accepting raw SQL fragments that are used to build and execute Databricks views and queries. . Ingestion points: User-provided SQL expressions in parameters like 'expr', 'filter_expr', and 'where' within the 'manage_metric_views' tool. . Boundary markers: No delimiters or 'ignore' instructions are defined to separate user-provided SQL from the tool's command templates. . Capability inventory: The 'manage_metric_views' tool can create, alter, and drop views, execute analytical queries, and manage access controls via the 'grant' action. . Sanitization: The documentation does not mention any sanitization, validation, or escaping routines for the provided SQL strings.
- [COMMAND_EXECUTION]: The skill performs dynamic SQL generation and execution on Databricks warehouses to manage the lifecycle and access permissions of governed metric views.
- [EXTERNAL_DOWNLOADS]: The skill references official Databricks documentation and relies on the 'databricks-sdk' for operational tasks like materialization refreshes.
Audit Metadata