migrate-from-model-serving
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill extensively uses the Databricks CLI for authentication, resource configuration, and deployment tasks (e.g., `databricks bundle deploy`, `databricks bundle run`). These are standard operations for managing the Databricks platform.
- [EXTERNAL_DOWNLOADS]: Fetches MLflow model artifacts from the Databricks Model Registry using the `mlflow.artifacts.download_artifacts` API. This is a trusted internal source within the user's workspace context.
- [REMOTE_CODE_EXECUTION]: The skill facilitates the download of Python scripts from a remote Model Serving endpoint to a local directory (`./original_mlflow_model/code/`) and subsequently executes them in a new app environment using `uv run start-app` and `databricks bundle run`.
- [PROMPT_INJECTION]: The skill identifies an indirect injection surface by processing and executing code artifacts retrieved from a model registry.
  - Ingestion points: Python files are downloaded from the remote Model Registry into `original_mlflow_model/code/` for migration.
  - Boundary markers: No specific delimiters or safety instructions are used to isolate the downloaded code from the migration agent's context.
  - Capability inventory: The skill is capable of executing the migrated code locally and in a production app environment via `uv` and `databricks bundle` commands.
  - Sanitization: The migration instructions do not include steps for sanitizing or auditing the downloaded code before it is executed.
Audit Metadata