dd-logs
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the 'pup' CLI tool from the datadog-labs GitHub repository using the Go package manager. This is the official tool provided by the vendor for managing Datadog resources.
- [COMMAND_EXECUTION]: Executes 'pup' commands to search logs, manage pipelines, and configure archives. It also demonstrates using 'jq' to process and filter JSON log data from the command line.
- [PROMPT_INJECTION]: The skill processes external search queries which presents a surface for indirect prompt injection.
- Ingestion points: User-provided query strings passed to
pup logs search --queryin SKILL.md. - Boundary markers: No specific delimiters or safety instructions are provided to the agent regarding the handling of untrusted log content or search parameters.
- Capability inventory: Execution of CLI commands ('pup', 'jq'), local file reading via the
@pipeline.jsonreference, and network operations conducted by the 'pup' tool. - Sanitization: The skill includes an illustrative Python snippet demonstrating how to use regular expressions to redact sensitive data (such as credit card numbers and SSNs) from logs before they are indexed.
Audit Metadata