datadog
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (LOW): The skill makes network requests via
curltoapi.${DD_SITE}. While these domains are not on the global whitelist, they are the functional targets for Datadog services. No unauthorized exfiltration of sensitive local data was detected. - [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface detected. The skill processes untrusted data (logs, traces, and metrics) from external Datadog environments. An attacker could potentially embed malicious instructions within these logs to influence the agent's downstream behavior.
- Ingestion points: API responses from log and span search endpoints in
SKILL.md. - Boundary markers: Absent; the agent is not instructed to treat the returned data as untrusted or to ignore instructions within it.
- Capability inventory: The agent has the ability to execute shell commands (
curl,jq) which are used to process this data. - Sanitization: No explicit sanitization or filtering of the Datadog response content is performed.
- [CREDENTIALS_UNSAFE] (SAFE): The skill does not contain hardcoded secrets. It correctly instructs the agent to check for environment variables (
DD_API_KEY,DD_APP_KEY) and requests them from the user if they are missing. - [COMMAND_EXECUTION] (SAFE): Command execution is limited to
curlandjqfor API interaction and data parsing, which aligns with the skill's stated purpose.
Audit Metadata