databricks-zerobus-ingest
Build Zerobus Ingest clients for near real-time data ingestion into Databricks Delta tables via gRPC. Use when creating producers that write directly to Unity Catalog tables without a message bus, working with the Zerobus Ingest SDK in Python/Java/Go/TypeScript/Rust, generating Protobuf schemas from UC tables, or implementing stream-based ingestion with ACK handling and retry logic.
89
86%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Risky
Do not use without reviewing
Security
2 findings — 1 high severity, 1 medium severity. You should review these findings carefully before considering using this skill.
W007: Insecure credential handling detected in skill instructions
What this means
The skill handles credentials insecurely by requiring the agent to include secret values verbatim in its generated output. This exposes credentials in the agent’s context and conversation history, creating a risk of data exfiltration.
Why it was flagged
Insecure credential handling detected (high risk: 1.00). The prompt requires a service principal id and secret and shows code calling create_stream(client_id, client_secret, ...), meaning the agent is likely to embed or transmit secret values verbatim in generated code/execute calls (high exfiltration risk).
W012: Unverifiable external dependency detected (runtime URL that controls agent)
What this means
The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.
Why it was flagged
Potentially malicious external URL detected (high risk: 0.70). The skill explicitly runs runtime install/fetch commands (e.g., `go get github.com/databricks/zerobus-sdk-go`) and uses package installs (%pip / npm / go get) to fetch third‑party SDK code that will be executed as part of the workflow, so github.com/databricks/zerobus-sdk-go is a runtime external dependency that downloads and executes remote code required by the skill.
- Repository
- databricks-solutions/ai-dev-kit
- Commit
b4071a0
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.