observability-setup
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it consumes external configuration data from 'plans/manifests/observability-manifest.yaml' to drive its orchestration logic.
  - Ingestion points: The orchestrator reads artifact definitions, SQL queries, and metadata from the 'observability-manifest.yaml' file during the mandatory Phase 0.
  - Boundary markers: There are no explicit delimiters or boundary instructions provided to the agent to distinguish between its internal instructions and the potentially untrusted content of the manifest file.
  - Capability inventory: The skill possesses significant capabilities, including the ability to create monitors, retrieve schema information, and deploy dashboards/alerts using the Databricks SDK ('w.data_quality.create_monitor', 'w.schemas.get').
  - Sanitization: The implementation uses 'yaml.safe_load()' to prevent YAML-level exploitation, but it lacks secondary validation or sanitization of the logical content (e.g., table names or SQL queries) before that content is passed to SDK methods.
Audit Metadata