Skills
skills/databricks-solutions/vibe-coding-workshop-template/02-merge-patterns/Gen Agent Trust Hub

02-merge-patterns

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes data from Silver tables and metadata from YAML configuration files.
  • Ingestion points: The template scripts (e.g., accumulating-snapshot-merge.py, periodic-snapshot-merge.py) read data using spark.table() and configuration via yaml.safe_load().
  • Boundary markers: No explicit delimiters or instructions are used to separate data from processing logic.
  • Capability inventory: The skill performs DeltaTable.merge() operations, which can alter production datasets in the Gold layer.
  • Sanitization: The implementation uses yaml.safe_load() to prevent unsafe object instantiation during configuration parsing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 8, 2026, 02:33 AM