skills/databricks-solutions/vibe-coding-workshop-template/genie-optimization-applier/Gen Agent Trust Hub
genie-optimization-applier
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses system calls to interact with standard development and cloud tools.
  - Evidence: In `scripts/optimization_applier.py`, the `subprocess.run` function is used to execute `databricks bundle` commands for validation, deployment, and job execution.
  - Evidence: `scripts/optimization_applier.py` calls `git diff` to verify the state of the repository as part of its dual-persistence integrity check.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection via optimized metadata proposals.
  - Ingestion points: The skill accepts `candidate` metadata and `patch_set` objects from external orchestrators as described in `SKILL.md`.
  - Boundary markers: There are no explicit delimiters or 'ignore' instructions implemented when interpolating these inputs into SQL comments or Genie Space instructions.
  - Capability inventory: The skill can execute DDL (e.g., `ALTER TABLE`, `CREATE VIEW`) and modify Genie Space configurations via the Databricks API.
  - Sanitization: Content is serialized using `json.dumps` for API delivery, ensuring structural safety, but the skill lacks content-level sanitization for the descriptive text injected into metadata fields.