datadog-app
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill implements robust security guidance by instructing the agent to never ask for API or application keys directly. It provides safe alternatives for local credential management, such as using
.env.localfiles (which are verified to be in.gitignore) and a macOS-specific utility that transfers credentials from the system clipboard directly to a local file, preventing them from appearing in conversation logs. - [COMMAND_EXECUTION]: All shell commands and scripts provided are standard for a TypeScript/React development workflow, including project scaffolding, dependency management, and build processes. The commands are transparent and restricted to the user's local development directory.
- [EXTERNAL_DOWNLOADS]: The skill utilizes official, vendor-scoped packages from the Datadog ecosystem, such as
@datadog/apps,@datadog/vite-plugin, and@datadog/action-catalog. CI/CD configuration uses the officialDataDog/apps-github-actionfrom the verified Datadog GitHub organization. - [DATA_EXFILTRATION]: Network operations, including app asset uploads and API queries, are directed exclusively to official Datadog infrastructure (e.g.,
api.datadoghq.com). The skill also provides security patterns for backend functions, such as SQL templating and input allowlisting, to prevent common injection and data leak vulnerabilities.
Audit Metadata