databricks-core
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: Provides instructions to download and execute the official Databricks CLI setup script from the vendor's GitHub repository.
  - Evidence: `curl -fsSL https://raw.githubusercontent.com/databricks/setup-cli/main/install.sh | sh` in `databricks-cli-install.md`.
- [EXTERNAL_DOWNLOADS]: Fetches CLI binaries and release metadata from official Databricks repositories.
  - Evidence: Downloads from `https://api.github.com/repos/databricks/cli/releases/latest` in `databricks-cli-install.md`.
- [COMMAND_EXECUTION]: Instructs the agent on using the `databricks` CLI for workspace management, authentication, and SQL data exploration.
- [CREDENTIALS_UNSAFE]: Manages workspace authentication and local profile configuration in `~/.databrickscfg`. The skill explicitly prioritizes OAuth2 and warns against the use of Personal Access Tokens (PAT).
- [PROMPT_INJECTION]: The data exploration tools ingest table contents and metadata which could potentially contain malicious instructions (Indirect Prompt Injection surface).
  - Ingestion points: SQL query results and table schemas fetched via `databricks experimental aitools tools query` and `discover-schema` in `data-exploration.md`.
  - Boundary markers: None explicitly defined in the shell commands.
  - Capability inventory: Shell command execution, filesystem access for configuration and profile modification.
  - Sanitization: None specified for processing external database content.
Audit Metadata