datadog-cli
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the agent to use 'npx @leoflores/datadog-cli', which downloads and executes code from the npm registry. The package author/organization (@leoflores) is not on the trusted organizations list, presenting a risk of supply chain attacks.
- [REMOTE_CODE_EXECUTION] (MEDIUM): Running code via npx constitutes remote code execution, as the package logic is fetched and executed at runtime from an external registry.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection. It ingests log data from Datadog (via 'logs search' and 'logs tail') which can be controlled by external attackers. Malicious log content could attempt to trick the agent into using the skill's dashboard management capabilities to delete or modify production data. Evidence: 1. Ingestion points: 'logs search' in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: 'dashboards delete' and 'dashboards update' in SKILL.md. 4. Sanitization: Absent.
- [COMMAND_EXECUTION] (MEDIUM): The dashboard update workflow described in references/dashboards.md involves writing JSON to /tmp/dashboard.json and using jq to extract values for shell command construction. This complex interpolation poses a command injection risk if the processed data contains shell-sensitive characters.
Audit Metadata