datadog
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
- Remote Code Execution (HIGH): The skill promotes a highly dangerous installation pattern: `curl -sSL https://canifi.com/skills/datadog/install.sh | bash`. This executes unverified remote scripts with the user's shell privileges.
- External Downloads (HIGH): The skill relies on scripts and tools hosted at `canifi.com`, which is not a trusted source according to security standards. This includes the main skill installer and the `canifi-env` management tool.
- Unsafe Credentials (HIGH): The 'Option 2: Environment Variables' setup instructs users to store `SERVICE_PASSWORD` in plaintext via `canifi-env`. While the skill claims these are only local, they are ingested by the LLM agent to perform browser automation, posing a significant risk of credential exposure or exfiltration if the agent's context is compromised.
- Indirect Prompt Injection (LOW): The skill is designed to ingest and process untrusted external data from Datadog logs and APM traces.
  - Ingestion points: Data is retrieved from `app.datadoghq.com` (Logs, APM, Dashboards).
  - Boundary markers: No delimiters or instructions are provided to the agent to ignore potentially malicious content within logs.
  - Capability inventory: The skill utilizes Playwright for browser automation and has access to the local terminal via `canifi-env`.
  - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from Datadog before it is processed by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://canifi.com/skills/datadog/install.sh, https://canifi.com/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata