lakebase-setup
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill provides instructional content and setup scripts for Databricks Lakebase using official tools. No malicious intent or suspicious patterns were detected.
- [COMMAND_EXECUTION]: The skill includes instructions for running databricks CLI commands and uv to deploy resources and manage environment configurations. These are standard operations for Databricks application development.
- [DYNAMIC_EXECUTION]: Python initialization scripts are executed via python -c and shell heredocs. These scripts are used for one-time table setup and permission granting during the configuration phase, which is standard practice for this type of infrastructure-as-code setup.
- [DATA_EXPOSURE]: The skill references .env files and environment variables for configuration. All sensitive values (like instance names and client IDs) are provided as placeholders, following security best practices for documentation.
- [PROMPT_INJECTION]: The skill facilitates the creation of a persistent memory store (LangGraph Store), which introduces an indirect prompt injection surface by allowing agents to ingest and act upon historically stored user data. This is a characteristic of memory-enabled agents rather than a vulnerability in the skill itself.
- Ingestion points: AsyncDatabricksStore used in SKILL.md to persist and retrieve agent memories.
- Boundary markers: No specific boundary markers or 'ignore' instructions are defined in the setup templates.
- Capability inventory: Read and write access to Lakebase PostgreSQL tables (store, store_vectors).
- Sanitization: Sanitization and validation of retrieved memory are expected to be implemented within the agent logic that utilizes this store.
Audit Metadata