datadog

[Skill Scanner] URL pointing to executable file detected All findings: [CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Instruction directing agent to run/execute external content (CI011) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [HIGH] command_injection: Reference to external script with install/setup context (SC005) [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] This skill is a legitimate Datadog monitoring setup guide. It requests sensitive inputs (API key, DB passwords) and prescribes high-privilege host access (docker.sock, /proc, cgroups) which are required for comprehensive monitoring but increase attack surface. No code in the provided text appears malicious or obfuscated; primary risks are operational: installer curl|bash from S3 without verification, credential handling, and granting container access to host internals. Recommend treating the agent as a high-privilege component: verify installers, use secret management, restrict mounts and network egress, and redact PII from traces/logs. LLM verification: This document is legitimate operational guidance for deploying Datadog and instrumenting applications. I found no direct indicators of malware or backdoors within the content itself. However, there are multiple supply-chain and privilege-related risks in the recommended operational patterns: executing an unsigned remote installer, unpinned language dependencies, writing API keys to disk without explicit permission guidance, and mounting high-privilege host paths into containers. These are common