metric-views

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill presents an indirect prompt injection surface where untrusted input could influence SQL execution within the Databricks environment.
      • Ingestion points: The manage_metric_views tool accepts free-text SQL expressions in fields such as dimensions, measures, filter_expr, and where.
      • Boundary markers: No specific delimiters or validation logic is documented to separate user data from the SQL command structure.
      • Capability inventory: The skill can execute SQL to create, alter, and query database views, and modify permissions via the grant action.
      • Sanitization: Documentation does not indicate any sanitization or escaping of the provided SQL strings before they are incorporated into the YAML definition or executed.
  • [COMMAND_EXECUTION] (LOW): The skill provides an interface for administrative database operations.
      • The manage_metric_views tool includes actions for grant, drop, and alter, which can modify security policies and data structures in a production environment.
      • While these are intended functionalities, they necessitate strict access control to prevent unauthorized data modification or privilege escalation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:32 PM