skills/jeremylongshore/claude-code-plugins-plus-skills/databricks-core-workflow-a/Gen Agent Trust Hub
databricks-core-workflow-a
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DYNAMIC_EXECUTION]: The function `aggregate_to_gold` in `src/pipelines/gold.py` uses the Python `eval()` function to process aggregation expressions constructed from string arguments. This pattern is highly dangerous as it allows for arbitrary code execution if the input dictionary keys or values are manipulated or contain malicious payloads.
- [INDIRECT_PROMPT_INJECTION]: The skill facilitates reading and transforming data from external storage paths using powerful tools, which presents a vulnerability to indirect injection if the processed data contains malicious instructions.
  - Ingestion points: Data ingestion occurs through `source_path` in `ingest_to_bronze` and table references in `transform_to_silver` and `aggregate_to_gold`.
  - Boundary markers: There are no boundary markers or explicit instructions provided to the agent to disregard embedded commands in the data being processed.
  - Capability inventory: The skill utilizes `Bash(databricks:*)`, `Write`, `Edit`, and `Read` capabilities.
  - Sanitization: No data validation or sanitization routines are implemented to clean or verify external content before it is passed to downstream processing or aggregation functions.
Audit Metadata