agent-observability-experiment-analyzer

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using the bash tool to interact with the pup CLI (pup llm-obs ...). This is a core feature used to fetch experiment data when MCP tools are unavailable.
  • [EXTERNAL_DOWNLOADS]: The skill references and directs the agent to interact with Datadog's infrastructure, specifically the official MCP server at mcp.datadoghq.com and various app.datadoghq.com links for UI navigation.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from LLM experiment traces (inputs, outputs, and metadata) via the get_llmobs_experiment_event and list_llmobs_experiment_events tools. Malicious content within these traces could attempt to influence the agent's analysis.
      • Ingestion points: Experiment event details and summaries retrieved from Datadog (SKILL.md).
      • Boundary markers: No specific delimiters or "ignore instructions" markers are used when the agent processes the content of retrieved events.
      • Capability inventory: The agent can execute bash commands (pup), write files, and create Datadog notebooks via MCP tools (SKILL.md).
      • Sanitization: The skill includes instructions to mask or redact PII from all user-visible outputs.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 19, 2026, 08:56 AM