databricks-cost-tuning
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted metadata from Databricks system tables and cluster configurations (e.g., `cluster_name`, `custom_tags`) which could be manipulated by an attacker to perform indirect prompt injection.
  - Ingestion points: System tables (`system.billing.usage`) and workspace APIs (`w.clusters.list()`) in `SKILL.md`.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded content are used when processing external data.
  - Capability inventory: The skill utilizes powerful tools including `Bash(databricks:*)`, `Write`, and `Edit` which could be abused if an injection is successful.
  - Sanitization: Metadata retrieved from the Databricks environment is not sanitized or validated before being included in reports or processed by the agent.
Audit Metadata