semantic-layer-setup
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from an external manifest file to determine which resources to create, representing a surface for indirect prompt injection.
- Ingestion points: Phase 0 reads the 'plans/manifests/semantic-layer-manifest.yaml' file.
- Boundary markers: The skill uses 'yaml.safe_load()' and requires the manifest to be present to proceed.
- Capability inventory: Capability includes writing Python, SQL, and JSON files to the filesystem, executing 'databricks bundle' CLI commands, and performing SQL queries against the information schema.
- Sanitization: Extensive validation gates are implemented to cross-reference all table and column names against a 'gold_inventory' built from verified catalog metadata.
- [EXTERNAL_DOWNLOADS]: The provided job template ('assets/templates/semantic-layer-job-template.yml') specifies dependencies on well-known Python packages 'pyyaml' and 'requests' for the Databricks environment.
- [COMMAND_EXECUTION]: The orchestrator facilitates the deployment and execution of semantic layer jobs using 'databricks bundle deploy' and 'databricks bundle run' commands.
Audit Metadata