agent-observability-trace-rca

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the pup CLI tool via Bash to interact with Datadog services. It instructs the agent to construct commands using user-provided strings for ml_app and eval_name. This pattern creates a potential surface for command injection if the agent executes these identifiers without proper sanitization in the shell environment.
  • [DATA_EXFILTRATION]: By design, the skill retrieves and processes sensitive production telemetry, including full conversation histories (messages), retrieved documents, and metadata from LLM observability traces. This production data is brought into the agent's context for analysis.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes production traces which may contain adversarial instructions.
      • Ingestion points: Reads messages, input, output, and documents fields from production traces via the get_llmobs_span_content tool.
      • Boundary markers: Absent. The skill does not instruct the agent to use specific delimiters or ignore instructions within the retrieved content.
      • Capability inventory: Execution of shell commands via the bash tool (using pup) and various MCP tool calls to Datadog APIs.
      • Sanitization: None described. The skill performs no filtering or validation of trace content before it is analyzed by the agent.
  • [EXTERNAL_DOWNLOADS]: The skill instructions reference an official Datadog MCP server URL and the pup CLI tool. These are well-known technology resources from the authoring organization (datadog-labs) and are used for their intended observability functions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 19, 2026, 08:57 AM