databricks-pipelines
Warn
Audited by Snyk on Apr 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to ingest and process data from external/untrusted sources, e.g., Auto Loader load("s3://bucket/path") / read_files('s3://bucket/path') in references/auto-loader-.md and streaming sources like read_kafka/read_pubsub/read_pulsar in references/streaming-table-.md. The ingested content (stream events/files) is meant to be read and can drive pipeline behavior (CDC deletes/truncates, ForEachBatch SQL/merges), so untrusted third-party data could indirectly inject instructions that alter tool actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill's scaffolding docs include a Linux install step, required for CLI installation, that fetches and executes remote code during setup: curl -fsSL https://raw.githubusercontent.com/databricks/setup-cli/main/install.sh | sh
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).