databricks-model-serving

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [DYNAMIC_EXECUTION]: File '2-custom-pyfunc.md' uses 'pickle.load()' in an example to deserialize model artifacts. While standard for MLflow, deserializing untrusted data can lead to arbitrary code execution.
  • [DYNAMIC_EXECUTION]: File '4-tools-integration.md' provides a tool example using 'eval()' to process user input for mathematical expressions. The example attempts to sandbox the execution, but 'eval' remains a security concern when handling strings from users.
  • [COMMAND_EXECUTION]: The skill instructions use the 'execute_code' tool to install dependencies and run Python test scripts within the Databricks environment.
  • [INDIRECT_PROMPT_INJECTION]: The 'calculate' tool in '4-tools-integration.md' presents an injection surface where user-supplied content is evaluated. Ingestion points: 'expression' argument. Boundary markers: None. Capability inventory: Uses 'eval()'. Sanitization: Removes 'builtins' and whitelists 'math' module functions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 9, 2026, 10:56 AM