skills/databricks-solutions/vibe-coding-workshop-template/naming-tagging-standards/Gen Agent Trust Hub
naming-tagging-standards
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its flexible configuration resolution logic. It is explicitly instructed to scan the
context/directory for files in any format (YAML, CSV, Markdown, JSON, TXT, or free-form text) and "interpret intent" to derive tagging standards and smart defaults. - Ingestion points: The agent scans the
context/directory for files matching naming patterns like*tag*,*tagging*, or*governance*(defined inSKILL.md). - Boundary markers: No delimiters or instructions to ignore embedded commands are specified when parsing these external files.
- Capability inventory: The skill generates and executes SQL commands (
ALTER CATALOG,ALTER SCHEMA,ALTER TABLE ... SET TAGS) and modifies Databricks Asset Bundle configurations based on the parsed data. - Sanitization: There is no evidence of sanitization or strict schema validation for free-form or natural language inputs extracted from the user-provided files.
Audit Metadata