skills/databricks-solutions/vibe-coding-workshop-template/databricks-expert-agent/Gen Agent Trust Hub
databricks-expert-agent
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a legitimate development tool that facilitates Databricks resource automation. It uses secure Python libraries and methods, specifically yaml.safe_load, to handle configuration files, minimizing risks associated with untrusted data deserialization.
- [COMMAND_EXECUTION]: The agent dynamically generates and executes SQL DDL and DML commands (via spark.sql) using metadata extracted from local project files. This is the core intended functionality of the skill for automating the deployment of managed tables, views, and functions within a Databricks environment.
- [DATA_EXFILTRATION]: The skill performs read operations on local workspace files, including YAML, SQL, and Markdown, to extract schema definitions. There is no evidence of network activity, external API calls, or data transmission to third-party domains.
- [PROMPT_INJECTION]: The skill processes project-level configuration files to derive table and column names. While this creates a structural surface for indirect prompt injection, the risk is mitigated by the 'safe-loading' implementation and the fact that these files are part of the user's own controlled source code repository.
Audit Metadata