data-platform
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes external data that could contain malicious instructions, creating a surface for indirect prompt injection.
- Ingestion points: Shell output captured via
tmux capture-pane(references/cloud-auth.md) and tool outputs fromdbtanddatabricksCLI. - Boundary markers: No delimiters or safety warnings are used to isolate external data from the agent's instructions.
- Capability inventory: The skill uses
tmux send-keysto execute commands, performsdatabricks api postoperations, and executesdbt runcommands. - Sanitization: The skill lacks explicit sanitization or validation logic for data ingested from shell panes or external logs.
- [COMMAND_EXECUTION]: The skill utilizes
tmux send-keysto interact with external shell environments. This workflow allows the agent to execute commands using the user's authenticated session, which is necessary for the stated auth tasks but presents a risk if the agent is manipulated into sending unintended commands. - [EXTERNAL_DOWNLOADS]: Instructions include installing the
jupyter-databricks-kernelpackage. This is a vendor-owned resource provided by the skill author to facilitate Databricks-backed notebook execution.
Audit Metadata