gold-layer-setup
Warn
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill dynamically assembles and executes SQL commands at runtime. Evidence:
scripts/setup_tables_template.pyuses string interpolation to build DDL statements from YAML config, which are then passed tospark.sql(). Evidence:scripts/add_fk_constraints_template.pysimilarly constructsALTER TABLEstatements dynamically. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through the ingestion of external configuration data. Ingestion points: Reads configuration from
gold_layer_design/yaml/files. Boundary markers: None identified; the YAML content is treated as trusted metadata for SQL generation. Capability inventory: The skill has the capability to create, modify, and merge data in Unity Catalog tables viaspark.sql. Sanitization: Minimal sanitization is performed viaescape_sql_string, which only targets single quotes in comment fields. - [EXTERNAL_DOWNLOADS]: The skill identifies
pyyamlas a required dependency for the Databricks environment. Evidence:pyyaml>=6.0is specified as a dependency in the Databricks Asset Bundle templates and documentation.
Audit Metadata