databricks-apps
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill handles several ingestion points for untrusted data, which could potentially serve as a surface for indirect prompt injection.
  - Ingestion points: Data enters the system via SQL query parameters in 'config/queries/', file uploads to Unity Catalog Volumes using the Files plugin, and natural language input for the Genie chat component.
  - Boundary markers: The skill instructs developers to use 'sql.*' helper functions (such as 'sql.string' and 'sql.date') to parameterize queries and explicitly recommends using Zod for runtime validation in tRPC routes.
  - Capability inventory: The agent can execute SQL queries, manage files in UC Volumes, call Model Serving endpoints, and trigger Lakeflow Jobs.
  - Sanitization: Documentation mandates the use of SQL parameterization and schema validation to mitigate injection risks.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of official Databricks libraries and tools from standard registries.
  - Specifically mentions the use of '@databricks/appkit', '@databricks/appkit-ui', and '@databricks/lakebase' packages.
  - Supports scaffolding new projects from external Git repositories using the 'databricks apps init --template <GIT_URL>' command.
- [COMMAND_EXECUTION]: The skill relies on the execution of the 'databricks' CLI for core development workflows.
  - Includes commands for application initialization ('init'), validation ('validate'), and deployment ('deploy').
  - Uses CLI tools for resource discovery, such as listing warehouses and databases.
Audit Metadata