databricks-metric-views

Pass

Audited by Gen Agent Trust Hub on Jul 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill frequently uses the Databricks CLI (databricks experimental aitools tools) to execute discovery commands and SQL statements. This includes submitting long DDL for metric view creation via local files, which is a core and expected function for managing Databricks resources.
  • [EXTERNAL_DOWNLOADS]: The skill fetches asset definitions and configurations from official Databricks API endpoints (e.g., /api/2.0/sql/statements, /api/2.0/genie/spaces, /api/2.0/sql/dashboards). These operations target well-known Databricks services and are documented neutrally as standard data retrieval for analysis.
  • [PROMPT_INJECTION]: The Metric View Advisor workflow ingests untrusted data from multiple sources, including AI/BI dashboards, Genie spaces, and user-provided SQL or KPI files. While this creates a surface for indirect prompt injection (e.g., via malicious metadata in a dashboard), the risk is mitigated because the agent uses this data to generate structured YAML/SQL definitions rather than as direct operational instructions. The skill also employs $$ delimiters and YAML structures when generating these artifacts.
  • [DATA_EXFILTRATION]: The skill reads schema information, dashboard configurations, and local files to synthesize metric suggestions. These activities are limited to the Databricks environment and the local run folder; no evidence of data transmission to unauthorized or non-whitelisted external domains was detected.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 1, 2026, 12:29 PM
Security Audit — agent-trust-hub — databricks-metric-views