skills/databricks-solutions/vibe-coding-workshop-template/unity-catalog-constraints/Gen Agent Trust Hub
unity-catalog-constraints
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The utility script `scripts/apply_constraints.py` is susceptible to indirect prompt injection (specifically SQL injection) through the dynamic construction of DDL statements.
  - Ingestion points: The script retrieves values for `catalog` and `gold_schema` directly from Databricks widgets using `dbutils.widgets.get()`.
  - Boundary markers: No delimiters or validation logic are present to ensure that the inputs match expected naming patterns or do not contain malicious SQL fragments.
  - Capability inventory: The skill possesses the capability to execute administrative database operations via `spark.sql()`, including `ALTER TABLE` and `DROP CONSTRAINT`.
  - Sanitization: The script uses Python f-strings to interpolate widget values directly into SQL strings without any escaping or validation (e.g., `spark.sql(f"ALTER TABLE {fqn} ...")`). An attacker controlling the widget parameters could potentially execute arbitrary SQL.
- [COMMAND_EXECUTION]: The script `scripts/apply_constraints.py` performs dynamic execution of SQL commands generated at runtime. While these commands are intended for metadata management, the pattern of building executable strings from external input is a known security risk vector.
Audit Metadata