databricks-performance-tuning

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (specifically SQL injection) because it interpolates user-provided or external data into SQL commands.
  • Ingestion points: Functions in SKILL.md such as optimize_delta_table, enable_liquid_clustering, and enable_predictive_optimization take arguments like table_name, z_order_columns, and cluster_columns which are directly embedded into SQL strings.
  • Boundary markers: No boundary markers or instructions to ignore embedded commands are present in the prompt templates.
  • Capability inventory: The skill uses spark.sql() in SKILL.md to execute administrative and maintenance tasks on the Databricks cluster.
  • Sanitization: The code uses Python f-strings (e.g., spark.sql(f"OPTIMIZE {table_name}")) to build queries, lacking escaping or validation for the identifiers being passed.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 12, 2026, 01:03 AM