skills/jeremylongshore/claude-code-plugins-plus-skills/databricks-incident-runbook/Gen Agent Trust Hub
databricks-incident-runbook
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill defines various Bash scripts and Databricks CLI commands to automate triage, remediation, and evidence collection. These commands are consistent with the skill's stated purpose for incident management.
- [EXTERNAL_DOWNLOADS]: The skill fetches service status data from 'status.databricks.com'. This is an official domain for a well-known technology service and is documented neutrally.
- [PROMPT_INJECTION]: An indirect prompt injection surface is present because the skill ingests external data from Databricks job outputs and cluster logs which could be influenced by an attacker. 1. Ingestion points: The 'quick-triage.sh' and 'collect-incident-evidence.sh' scripts in SKILL.md read data from 'databricks runs get-output' and 'databricks clusters events'. 2. Boundary markers: Absent; the skill does not use delimiters to wrap external log content or instruct the agent to ignore instructions within that data. 3. Capability inventory: The skill has access to the Databricks CLI (databricks:*) and file-writing capabilities. 4. Sanitization: Absent; external log and error messages are interpolated directly into the agent context without validation or filtering.
Audit Metadata