Skills
NYC
skills/bobmatnyc/claude-mpm-skills/datadog-observability/Gen Agent Trust Hub

datadog-observability

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (HIGH): The skill instructs users to pipe a remote shell script from an S3 bucket directly into bash (curl -L ... | bash). This is an extremely high-risk pattern for remote code execution. Although the source is Datadog, it is not in the defined list of Trusted Organizations, and the pattern itself is inherently dangerous. Additionally, Windows setup uses msiexec to download and install a remote binary.
  • Evidence: Found in references/agent-installation.md for Linux and Windows installation paths.
  • Privilege Escalation (HIGH): The installation instructions require extensive use of sudo to modify system-level configurations and install packages. The Docker-based deployment also requires mounting the host Docker socket (/var/run/docker.sock) and sensitive filesystems (/proc, /sys), granting the agent significant administrative visibility and potential control over the host.
  • Evidence: Found in SKILL.md and references/agent-installation.md under Docker and Manual Installation sections.
  • Persistence Mechanisms (HIGH): The Linux installation instructions include commands to enable the Datadog Agent as a systemd service (systemctl enable datadog-agent), ensuring the agent runs persistently across system reboots.
  • Evidence: Found in references/agent-installation.md under Linux Package Installation.
  • Indirect Prompt Injection (LOW): The skill defines alerting templates that interpolate metric values and log data into notifications for external platforms like Slack and PagerDuty. This creates a surface for indirect prompt injection where an attacker could influence the content of administrative alerts by injecting malicious data into monitored logs.
  • Ingestion points: Application and container logs as configured in references/log-management.md.
  • Boundary markers: Absent; templates in references/alerting.md use simple interpolation for external data.
  • Capability inventory: Sending alerts to Slack, PagerDuty, and Webhooks as detailed in references/alerting.md.
  • Sanitization: No mechanisms for sanitizing or escaping log/metric content before interpolation into templates are specified.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:01 PM