skills/jeremylongshore/claude-code-plugins-plus-skills/databricks-multi-env-setup/Gen Agent Trust Hub
databricks-multi-env-setup
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The promotion script
scripts/promote_to_prod.pyutilizessubprocess.runto automate deployment and testing workflows usingdatabricksandgitCLI tools. - Evidence: The implementation uses list-based arguments (e.g.,
subprocess.run(["databricks", "bundle", "deploy", "-t", "prod"])), which is a secure coding practice that prevents shell injection vulnerabilities. - [CREDENTIALS_UNSAFE]: The skill correctly handles sensitive configuration through environment variables and dedicated secret management services.
- Evidence: No hardcoded secrets, tokens, or passwords were found in the templates or scripts. The
EnvironmentSecretsclass demonstrates the correct use of thedatabricks-sdkto retrieve secrets from protected scopes. - [SAFE]: The architecture utilizes Unity Catalog for data governance and isolation, following official Databricks security recommendations for multi-environment deployments.
Audit Metadata