onboarding-summary
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes kubectl commands to query pod status, deployment manifests, and custom resource definitions within the Kubernetes cluster to verify instrumentation configuration.- [COMMAND_EXECUTION]: Uses the pup CLI tool to interact with Datadog APIs for service verification and trace search, which is appropriate for a tool authored by datadog-labs.- [SAFE]: Data retrieval is localized to the user's environment and the official Datadog service. Deep links are constructed using the user-provided DD_SITE variable, pointing to well-known Datadog domains.- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted output from cluster resources (kubectl) and external APIs (pup) to populate a Markdown report. While this presents a potential injection surface, it is considered a low risk inherent to the reporting functionality.
- Ingestion points: Command output from kubectl and pup (SKILL.md).
- Boundary markers: None present.
- Capability inventory: Subprocess execution via kubectl and pup.
- Sanitization: No explicit sanitization or escaping of command output is performed before inclusion in the final report template.
Audit Metadata