agent-observability-eval-pipeline

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Python scripts to publish datasets to Datadog and run generated experiments via the Bash tool. To mitigate risk, Phase 5 implements a mandatory human review checkpoint where the user must explicitly confirm the experiment code before execution.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by ingesting untrusted production traces from the LLM application. These traces are used to derive failure modes and bootstrap evaluators in subsequent phases.
    • Ingestion points: Production traces are retrieved from Datadog via search_llmobs_spans in SKILL.md (Precheck and Phase 4).
    • Boundary markers: The orchestration layer does not define explicit markers, relying on the logic of called sub-skills.
    • Capability inventory: The skill possesses capabilities for shell command execution (Bash), local file system writes (state and artifacts), and network operations to Datadog.
    • Sanitization: The skill performs a PII scrub during the trace sampling process in Phase 4 before records are published to the dataset.
  • [CREDENTIALS_UNSAFE]: The skill resolves Datadog API and Application keys by reading sensitive configuration files, including .env files and ~/.datadog/credentials. It follows security best practices by not logging secret values and advising users on proper usage of .gitignore to prevent credential leakage.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with Datadog's official domains (datadoghq.com) to search for spans and publish experiment results. These network operations are consistent with the skill's purpose and target a well-known technology service.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 08:57 AM
Security Audit — agent-trust-hub — agent-observability-eval-pipeline