databricks-metric-views
Pass
Audited by Gen Agent Trust Hub on Jul 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill frequently uses the Databricks CLI (
databricks experimental aitools tools) to execute discovery commands and SQL statements. This includes submitting long DDL for metric view creation via local files, which is a core and expected function for managing Databricks resources. - [EXTERNAL_DOWNLOADS]: The skill fetches asset definitions and configurations from official Databricks API endpoints (e.g.,
/api/2.0/sql/statements,/api/2.0/genie/spaces,/api/2.0/sql/dashboards). These operations target well-known Databricks services and are documented neutrally as standard data retrieval for analysis. - [PROMPT_INJECTION]: The Metric View Advisor workflow ingests untrusted data from multiple sources, including AI/BI dashboards, Genie spaces, and user-provided SQL or KPI files. While this creates a surface for indirect prompt injection (e.g., via malicious metadata in a dashboard), the risk is mitigated because the agent uses this data to generate structured YAML/SQL definitions rather than as direct operational instructions. The skill also employs
$$delimiters and YAML structures when generating these artifacts. - [DATA_EXFILTRATION]: The skill reads schema information, dashboard configurations, and local files to synthesize metric suggestions. These activities are limited to the Databricks environment and the local run folder; no evidence of data transmission to unauthorized or non-whitelisted external domains was detected.
Audit Metadata