databricks-ai-functions
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill documents patterns for building data pipelines that process untrusted external data (e.g., PDF/Office documents loaded from Volumes) using AI-powered functions like
ai_query,ai_gen, andai_extract. These patterns involve interpolating the content of these documents directly into model prompts, creating a surface for indirect prompt injection where a malicious document could attempt to influence the agent's behavior or the pipeline's output. - Ingestion points: Binary files are loaded using
read_filesandspark.read.format("binaryFile")inSKILL.mdand4-document-processing-pipeline.md. - Boundary markers: The skill uses minimal boundary markers (e.g.,
\n\nDocument text:\n) which may not be sufficient to prevent adversarial input from breaking out of the context. - Capability inventory: The skill provides instructions for the agent to execute complex data enrichment and extraction logic based on the output of these AI functions.
- Sanitization: No explicit sanitization or input validation logic is present in the provided pipeline examples.
Audit Metadata