databricks-vector-search

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill describes a RAG architecture that ingests external data, creating an indirect prompt injection surface.
  • Ingestion points: Data enters the context via query_vs_index results and the WorkspaceClient.vector_search_indexes.query_index method, as documented in SKILL.md and end-to-end-rag.md.
  • Boundary markers: The implementation guide in end-to-end-rag.md (Step 6) lacks explicit delimiters or instructions to the agent to treat retrieved documents as untrusted data.
  • Capability inventory: The skill is associated with tools that can modify data and infrastructure, such as execute_sql, manage_vs_data (upsert/delete), and various endpoint/index management tools.
  • Sanitization: No data sanitization or validation routines for retrieved search results are presented in the documentation or code examples.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 10:55 AM
Security Audit — agent-trust-hub — databricks-vector-search