databricks-autonomous-operations

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE (flagged categories: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [PROMPT_INJECTION]: The skill enables an autonomous self-healing loop that modifies code based on external input, creating a surface for indirect prompt injection.
  • Ingestion points: Untrusted data enters the agent context via databricks jobs get-run-output (Section 5 of SKILL.md) and pipeline event logs (Section 6 of SKILL.md).
  • Boundary markers: The skill does not use delimiters or instructions to ignore potential commands within the ingested log data.
  • Capability inventory: The agent is authorized to modify source files using file-editing tools and to trigger deployments via databricks bundle deploy (as instructed in Steps 5 and 6 of the playbook).
  • Sanitization: No sanitization or validation of the ingested logs is performed prior to the agent using the data to generate code 'fixes'.
  • [COMMAND_EXECUTION]: The skill uses the databricks CLI and shell scripts (specifically scripts/monitor_multitask_job.sh) to manage infrastructure, run jobs, and retrieve outputs.
  • [EXTERNAL_DOWNLOADS]: The skill contains instructions to install databricks-sdk and databricks-connect from well-known official repositories which are trusted sources.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 8, 2026, 02:33 AM