datadog-automation
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The setup instructions direct users to add an unverified external endpoint 'https://rube.app/mcp'. This domain is not on the trusted sources list, and the server provides the tool definitions and logic for the agent's operations, effectively allowing dynamic loading of capabilities from an untrusted source.
- PROMPT_INJECTION (LOW): This skill exhibits a surface for indirect prompt injection. It ingests untrusted data from Datadog (logs and events) and possesses high-impact capabilities like 'DATADOG_DELETE_DASHBOARD' and 'DATADOG_MUTE_MONITOR'. * Ingestion points: 'DATADOG_SEARCH_LOGS' and 'DATADOG_LIST_EVENTS' (SKILL.md). * Boundary markers: Absent. There are no instructions to treat external data as untrusted. * Capability inventory: 'DATADOG_DELETE_DASHBOARD', 'DATADOG_MUTE_MONITOR', 'DATADOG_UPDATE_DASHBOARD'. * Sanitization: Absent. The skill does not describe any validation or escaping of the ingested content.
Audit Metadata