skill-freshness-audit
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references and fetches documentation and code patterns from official sites like docs.databricks.com, mlflow.org, and learn.microsoft.com, as well as the databricks-solutions GitHub repository. These fetches are used solely for auditing and verification purposes and target well-known, trusted sources.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection (Category 8) by ingesting data from external URLs for processing. * Ingestion points: Document URLs in references/verification-sources.md and upstream paths from databricks-solutions/ai-dev-kit. * Boundary markers: Not present; the skill does not wrap external data in delimiters or provide ignore-instruction warnings. * Capability inventory: The skill uses WebFetch for network retrieval and the local scripts/scan_skill_freshness.py script for file system reads. * Sanitization: Absent; the skill performs no filtering or validation on the content retrieved from external sources before the agent processes it for drift detection.
Audit Metadata