databricks-data-handling
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Python and SQL to dynamically construct and execute commands on a Databricks environment. Specifically, the `GDPRHandler` and `DataRetentionManager` classes in `references/implementation.md` use string interpolation to build SQL queries (e.g., `DELETE FROM {table_name} WHERE {user_column} = '{user_id}'`). While intended for data maintenance, this pattern can be risky if inputs like `user_id` or table metadata are not strictly validated.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It processes external data (database tags and table contents) to perform critical operations like data deletion.
- Ingestion points: Reads table tags (`data_classification`, `retention_days`) and user record data from Databricks catalogs (found in `SKILL.md` and `references/implementation.md`).
- Boundary markers: None identified. The skill lacks explicit instructions to ignore potentially malicious content within the metadata or data it processes.
- Capability inventory: The skill uses `spark.sql()` to execute destructive operations (`DELETE`, `VACUUM`) and read operations across the entire catalog (found in `references/implementation.md`).
- Sanitization: There is no evidence of input sanitization or parameterization for the dynamically constructed SQL strings beyond standard Spark SQL behavior.
Audit Metadata