datadog-automation
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the addition of an external MCP server at 'https://rube.app/mcp'. This domain is not part of the established trusted organizations or repositories, posing a supply-chain risk as the agent executes logic provided by this remote endpoint.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface identified. 1. Ingestion points: Data is brought into the agent context through 'DATADOG_SEARCH_LOGS' and 'DATADOG_LIST_EVENTS'. 2. Boundary markers: None; the instructions lack delimiters to isolate external log content from agent instructions. 3. Capability inventory: The skill provides high-impact tools such as 'DATADOG_DELETE_DASHBOARD' (permanent deletion), 'DATADOG_MUTE_MONITOR', and 'DATADOG_CREATE_EVENT' (allowing @mentions). 4. Sanitization: No sanitization or validation of the ingested log/event content is implemented to prevent instruction override.
Audit Metadata