databricks-debug-bundle
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses positional arguments ($1, $2, $3) directly in shell commands and Python scripts without sanitization. This allows for command injection in the shell (e.g., in
databricks clusters get) and SQL injection in the Spark SQL queries (e.g.,spark.sql(f"DESCRIBE HISTORY {TABLE_NAME}")). - [CREDENTIALS_UNSAFE]: The script reads the user's Databricks configuration file (~/.databrickscfg). While it attempts to redact the token using sed, accessing raw credential files is a security risk, and the redaction logic may not cover all configuration formats.
- [COMMAND_EXECUTION]: The skill uses shell heredocs to dynamically generate and execute Python code (python3 << EOF), which incorporates unvalidated shell variables into the executable script block.
Audit Metadata