datadog
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Fetches and executes the official Datadog Agent installation script from Amazon S3 (https://s3.amazonaws.com/dd-agent/scripts/install_script_agent7.sh).
- [COMMAND_EXECUTION]: Uses various system commands for environment setup and management, including helm, kubectl, docker, and language-specific package managers such as pip and npm.
- [EXTERNAL_DOWNLOADS]: Downloads container images from Google Container Registry (gcr.io/datadoghq/agent) and interacts with official Datadog endpoints (datadoghq.com) for metrics and log ingestion.
- [PROMPT_INJECTION]: Includes a data ingestion surface through the processing of external logs and security signals (Indirect Prompt Injection), which is documented as a functional requirement for observability and threat detection.
Audit Metadata