datadog-operations

================================================================================

🔴 VERDICT: CRITICAL

This skill is critically insecure due to its reliance on external, unprovided shell scripts. The core functionality of the skill is implemented in bash scripts/*.sh files, but the content of these files was not provided for analysis. This means the skill instructs the agent to execute arbitrary, unverified code. Such scripts could contain malicious commands for data exfiltration, privilege escalation, persistence, or any other harmful action. The skill also handles sensitive Datadog API keys, which could be misused by these unverified scripts.

Total Findings: 2

🔴 CRITICAL Findings: • Unverifiable Dependencies / Command Execution

• Line 30: The skill explicitly instructs the agent to execute bash scripts/*.sh files (e.g., bash scripts/query-apm.sh). The content of these scripts is not provided in the skill definition, making them entirely unverified. This poses a critical risk as these scripts could contain arbitrary malicious commands, including data exfiltration, privilege escalation, or persistence mechanisms, without the possibility of prior analysis.

ℹ️ LOW Findings: • Indirect Prompt Injection

• Line 1: The skill processes various external data from Datadog (APM traces, logs, security signals, etc.). If any of this data could be controlled by an attacker (e.g., through malicious log entries or trace names), it could lead to indirect prompt injection when the processed information is presented to an LLM.

================================================================================