datadog-cli
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill relies on
npx @leoflores/datadog-clito execute code. This package is from an unverified personal scope rather than a trusted organization. - COMMAND_EXECUTION (HIGH): The skill enables destructive operations in production environments, specifically
dashboards deleteanddashboards update(which is documented as destructive inreferences/dashboards.md). - PROMPT_INJECTION (HIGH): The skill exhibits a significant Indirect Prompt Injection (Category 8) vulnerability surface.
- Ingestion points: The skill ingests untrusted log data through
logs searchandlogs tail(SKILL.md). - Boundary markers: There are no boundary markers or instructions to the agent to ignore embedded commands in the log data.
- Capability inventory: The skill allows the agent to delete or overwrite Datadog dashboards and execute CLI commands.
- Sanitization: No sanitization of ingested log content is performed. An attacker could inject malicious instructions into application logs that, when read by the agent, trigger the deletion of dashboards.
- METADATA_POISONING (MEDIUM): There is a suspicious discrepancy between the README (linking to
leonardocouy/datadog-cli) and the actual implementation inSKILL.md(using@leoflores/datadog-cli), which may mislead users regarding the software's origin.
Recommendations
- AI detected serious security threats
Audit Metadata