eval-bootstrap
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted production LLM traces to identify quality dimensions and generate evaluation prompts. This constitutes an attack surface where malicious input in production traces could potentially influence the agent's analysis or generated code.
- Ingestion points: Untrusted data enters the agent context via the get_llmobs_span_content tool.
- Boundary markers: No specific delimiters are defined to separate trace content from the agent's internal instructions.
- Capability inventory: The agent can write local Python and JSON files and create or edit Datadog notebooks.
- Sanitization: The skill includes a mandatory rule to anonymize PII and sensitive data from all generated content.
- [SAFE]: The skill implements security best practices by requiring PII scrubbing and human-in-the-loop confirmation before concluding the bootstrap process.
- [SAFE]: The external dependencies (ddtrace) and tool usage are consistent with the verified author's identity (datadog-labs) and official infrastructure.
Audit Metadata