databricks-debug-bundle

Warn

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: A SQL injection vulnerability exists in Step 6 of the script. The TABLE_NAME variable, derived from shell arguments, is interpolated directly into spark.sql() queries using f-strings without sanitization. This allows a user to execute arbitrary Spark SQL commands by providing a malicious table name.
  • [DATA_EXFILTRATION]: The skill accesses sensitive credentials by reading the ~/.databrickscfg file. While the script attempts to redact tokens using sed, the process of reading raw configuration files containing secrets is a data exposure risk, especially if the file structure differs from the expected pattern or the redaction is bypassed.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted data from external sources including Databricks cluster logs and Delta table histories (SKILL.md). This data is written to the debug bundle without sanitization or boundary markers, potentially allowing malicious content within those logs to influence subsequent users or agents that process the bundle. The skill maintains significant capabilities including file system access and network operations via curl and Bash (SKILL.md).
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 24, 2026, 03:48 PM