databricks-spark-declarative-pipelines
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified during the analysis. The skill follows security best practices for the Databricks platform.
- [DATA_EXPOSURE_&_EXFILTRATION]: No evidence of hardcoded credentials or data exfiltration. The skill correctly instructs users to use Databricks Secrets (e.g., {{secrets/kafka/password}}) and environment variables for sensitive information.
- [INDIRECT_PROMPT_INJECTION]: While the skill defines an attack surface by ingesting untrusted data from cloud storage and streaming sources (Kafka/Event Hub), it implements structural defenses through explicit schema definitions (schemaHints) and Unity Catalog integration. As a data engineering tool, this ingestion is consistent with its primary purpose and is managed within a trusted vendor environment.
- [REMOTE_CODE_EXECUTION]: The skill uses official Databricks CLI tools (databricks pipelines init, databricks bundle deploy) and managed MCP tools for pipeline orchestration. No unauthorized or suspicious remote code execution patterns were found.
Audit Metadata