lakebase-setup
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the `databricks` CLI for environment configuration, resource deployment, and retrieving service principal identifiers. These are standard administrative actions for the Databricks platform.
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the `databricks-langchain` package via `uv sync`. This is a vendor-owned library necessary for the storage functionality described.
- [PROMPT_INJECTION]: By facilitating the setup of 'Long-term memory' (storing user facts across sessions), the skill creates an attack surface for indirect prompt injection. If malicious instructions are stored in the memory backend, they could influence the agent's behavior when retrieved in future sessions.
  - Ingestion points: User facts and conversation history stored via `AsyncDatabricksStore` and `AsyncCheckpointSaver`.
  - Boundary markers: The setup instructions do not specify the use of delimiters or 'ignore' instructions for retrieved memory content.
  - Capability inventory: The agent templates associated with this setup utilize subprocess calls (`databricks` CLI) and database operations.
  - Sanitization: No explicit sanitization or validation logic is provided in this configuration guide.
Audit Metadata