dd-apm
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the
pupCLI to perform core functions such as listing services, analyzing dependencies, and aggregating trace data. These commands are executed within the user's environment to interact with the Datadog API. - [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing the
puputility via Homebrew (brew install pup) from a repository associated with the service provider. This is a standard installation procedure for a well-known monitoring tool. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface (Category 8) because it ingests and processes external monitoring data.
- Ingestion points: External data enters the agent's context through the output of commands like
pup traces search,pup traces aggregate, andpup apm services list(found inSKILL.md). - Boundary markers: No boundary markers or "ignore instructions" delimiters are used to wrap the output of the monitoring commands to prevent the agent from obeying instructions that might be embedded in service names or trace metadata.
- Capability inventory: The agent can execute shell commands via the
pupCLI and associated environment tools as described inSKILL.md. - Sanitization: There is no evident sanitization or filtering of the telemetry data (e.g., resource names, error messages) before it is analyzed by the agent.
Audit Metadata