genie-optimization-orchestrator
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Categories flagged: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The orchestrator executes shell commands via subprocess.run to interact with the Databricks CLI (databricks bundle run, databricks bundle deploy). These are standard operational tasks for managing Databricks assets and do not involve unsanitized user input in a dangerous manner.
- [EXTERNAL_DOWNLOADS]: The skill fetches configuration and metadata from the Databricks workspace via official APIs (/api/2.0/genie/spaces/, /api/2.0/sql/statements). It also downloads MLflow artifacts (mlflow.artifacts.download_artifacts) to perform rollbacks and analysis. These operations target the user's own workspace and trusted MLflow tracking server.
- [PROMPT_INJECTION]: While the skill manages LLM prompts for evaluation judges, it does not contain instructions to bypass safety filters or ignore prior directives. The prompts are strictly scoped to technical evaluation (e.g., schema_accuracy, logical_accuracy).
- [DATA_EXFILTRATION]: Network operations are restricted to the Databricks control plane and MLflow tracking URI. The code includes logic to verify that MLFLOW_TRACKING_URI is set to 'databricks', preventing telemetry from being sent to unauthorized third-party servers.
- [CREDENTIALS_UNSAFE]: The code references the DATABRICKS_TOKEN and DATABRICKS_HOST environment variables as requirements for remote execution, but it does not contain hardcoded secrets. It uses the official WorkspaceClient, which supports standard authentication mechanisms.
Audit Metadata