databricks-asset-bundles
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- Remote Code Execution (CRITICAL): Automated scans detected the command 'curl -fsSL https://raw.githubusercontent.com/databricks/setup-cli/main/install.sh | sh'. This is a confirmed detection of a piped shell execution pattern from a source ('databricks') that is not on the trusted organizations list.
- Command Execution (LOW): The file 'templates/deployment_workflow.py' uses 'subprocess.run' to execute the 'databricks' CLI. While it avoids 'shell=True' by using an argument list, it still enables system-level command execution based on untrusted configuration files.
- Indirect Prompt Injection (LOW): This skill ingests untrusted data via YAML configuration files which are then used to build CLI commands.
  1. Ingestion points: 'templates/databricks.yml', 'templates/environments-dev.yml', 'templates/environments-prod.yml'.
  2. Boundary markers: None.
  3. Capability inventory: System command execution via 'subprocess.run'.
  4. Sanitization: No input validation or escaping is performed on the configuration variables.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/databricks/setup-cli/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata