dd-audit-key-compromise

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using the pup CLI and jq. These commands are used to query Datadog audit logs, filter results, and generate structured investigation reports. This is expected behavior for a technical security auditing tool.
  • [DATA_EXPOSURE]: The skill accesses and processes sensitive information from audit logs, such as IP addresses, geographic locations (city/country), and user email addresses. This data exposure is necessary for the intended function of reconstructing a timeline of actions and identifying the source of potentially malicious requests.
  • [SAFE]: The skill follows security best practices by recommending OAuth2 authentication or environment variables for secret management (DD_API_KEY, DD_APP_KEY) rather than hardcoding credentials. All external links point to official Datadog documentation, and the functionality aligns with the author's identity as a security-focused entity.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 06:48 AM