databricks-zerobus-ingest

Warn

Audited by Snyk on Jul 4, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs runtime installation of remote packages that will fetch and execute code (e.g., "%pip install databricks-sdk>=... databricks-zerobus-ingest-sdk>=..." and "pip install databricks-zerobus-ingest-sdk>=1.0.0", as well as "npm install @databricks/zerobus-ingest-sdk" and "go get github.com/databricks/zerobus-sdk-go"), which are required dependencies and therefore fetch/execute remote code from registries such as PyPI (e.g. https://pypi.org/project/databricks-zerobus-ingest-sdk) during skill runtime.

Issues (1)

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 4, 2026, 04:16 AM
Issues
1
Security Audit — snyk — databricks-zerobus-ingest