databricks-notebook-manager

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The generate_ingestion_notebook function implements a vulnerable script generation pattern using Python f-strings to concatenate code with external inputs.
      • Ingestion points: The spec dictionary, which contains user-influenced values like source_location, target_table, and format_type.
      • Boundary markers: None. The variables are placed directly inside string literals without escaping or validation.
      • Capability inventory: The generated notebooks have access to Spark, Databricks Secrets, and cloud storage via the WorkspaceClient and the spark session.
      • Sanitization: No sanitization is performed on the input data before it is converted into executable code.
  • [COMMAND_EXECUTION]: The skill facilitates the creation and programmatic execution of notebooks that interact with Spark and cluster resources. The lack of input sanitization in the generate_ingestion_notebook function creates a vector for injecting unauthorized Spark SQL or Python commands via malicious input specifications.
  • [DATA_EXFILTRATION]: The skill processes data ingestion specifications including source paths and target tables. Without strict validation of these inputs, the skill could be misused to access unauthorized storage locations or overwrite protected datasets in Unity Catalog.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 01:09 AM