dd-audit-key-compromise

Installation

SKILL.md

Audit Trail: API Key Compromise Investigation

Reconstruct what a Datadog API key did, where requests originated, and which resources were affected.

Prerequisites

pup auth login   # OAuth2 (recommended)
# or set DD_API_KEY + DD_APP_KEY with audit_logs_read scope

You need the key ID of the suspect key (not the key value). Find it in Datadog UI under Organization Settings > API Keys, or from context showing @metadata.api_key.id.

Investigation Workflow

Step 1 — Establish timeline

Installs

161

Repository

datadog-labs/ag…t-skills

GitHub Stars

136

First Seen

May 8, 2026

Security Audits

Gen Agent Trust HubPass

SocketPass

SnykPass

dd-audit-key-compromise — datadog-labs/agent-skills