zerobus-ingest
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires installing several packages such as 'databricks-zerobus-ingest-sdk' from public registries. These sources are not on the approved Trusted External Sources list.
- [CREDENTIALS_UNSAFE] (LOW): The skill involves managing 'DATABRICKS_CLIENT_SECRET' via environment variables. While standard practice, it involves handling sensitive authentication material.
- [COMMAND_EXECUTION] (LOW): Instructions include executing 'protoc' and 'grpc_tools' to generate code, which is a form of local command execution for dynamic code generation.
- [PROMPT_INJECTION] (MEDIUM): The skill creates an ingestion surface (Category 8) for external data into Delta tables. The absence of sanitization patterns for the record payloads presents a risk of indirect prompt injection if the data is subsequently consumed by an AI agent.
- [DATA_EXFILTRATION] (LOW): The skill enables network transmission of data to a remote Databricks endpoint, which is the intended purpose but constitutes an external data flow.
Audit Metadata