Skip to content

chore(deps): update datadog-labs/agent-skills digest to 9bcb3ce#667

Merged
rdimitrov merged 4 commits into
mainfrom
renovate/datadog-labs-agent-skills-digest
Jun 3, 2026
Merged

chore(deps): update datadog-labs/agent-skills digest to 9bcb3ce#667
rdimitrov merged 4 commits into
mainfrom
renovate/datadog-labs-agent-skills-digest

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Jun 1, 2026

This PR contains the following updates:

Package Update Change
datadog-labs/agent-skills digest 2f664fd9bcb3ce

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies label Jun 1, 2026
@toolhive-release-app
chore(skills): bump spec.version for dd-apm,dd-docs,dd-llmo-eval-boot…
550edcc 
…strap,dd-llmo-eval-session-classify,dd-llmo-eval-trace-rca,dd-llmo-experiment-analyzer,dd-logs,dd-monitors,dd-pup
@toolhive-release-app
Copy link
Copy Markdown
Contributor

toolhive-release-app Bot commented Jun 1, 2026
edited
Loading

🛡️ Skill Security Scan Results

✅ dd-apm

  • Status: Passed
  • Findings: 6
  • Allowed (not blocking): 3
    • COMPOUND_EXTRACT_EXECUTE (Allowed: FP: cisco-ai-skill-scanner matched the documented pup CLI install
      snippet in k8s-ssi/agent-install/SKILL.md:67,
      k8s-ssi/troubleshoot-ssi/SKILL.md:48 and
      linux-ssi/troubleshoot-ssi/SKILL.md:48. The snippet downloads the
      official pup release tarball from the same vendor
      (github.com/datadog-labs/pup/releases, version pinned via the GitHub
      releases API) and pipes it through tar xz into /usr/local/bin — the
      canonical, vendor-published CLI install instruction shown to the user,
      not a hidden/malicious archive payload. No executable threat.
      datadog-labs/agent-skills @9bcb3ceafacae78dbba76c9459a878fc7d6a0d10.
      )
    • COMPOUND_EXTRACT_EXECUTE (Allowed: FP: cisco-ai-skill-scanner matched the documented pup CLI install
      snippet in k8s-ssi/agent-install/SKILL.md:67,
      k8s-ssi/troubleshoot-ssi/SKILL.md:48 and
      linux-ssi/troubleshoot-ssi/SKILL.md:48. The snippet downloads the
      official pup release tarball from the same vendor
      (github.com/datadog-labs/pup/releases, version pinned via the GitHub
      releases API) and pipes it through tar xz into /usr/local/bin — the
      canonical, vendor-published CLI install instruction shown to the user,
      not a hidden/malicious archive payload. No executable threat.
      datadog-labs/agent-skills @9bcb3ceafacae78dbba76c9459a878fc7d6a0d10.
      )
    • COMPOUND_EXTRACT_EXECUTE (Allowed: FP: cisco-ai-skill-scanner matched the documented pup CLI install
      snippet in k8s-ssi/agent-install/SKILL.md:67,
      k8s-ssi/troubleshoot-ssi/SKILL.md:48 and
      linux-ssi/troubleshoot-ssi/SKILL.md:48. The snippet downloads the
      official pup release tarball from the same vendor
      (github.com/datadog-labs/pup/releases, version pinned via the GitHub
      releases API) and pipes it through tar xz into /usr/local/bin — the
      canonical, vendor-published CLI install instruction shown to the user,
      not a hidden/malicious archive payload. No executable threat.
      datadog-labs/agent-skills @9bcb3ceafacae78dbba76c9459a878fc7d6a0d10.
      )

✅ dd-docs

  • Status: Passed
  • Findings: 3
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: datadog-labs/agent-skills is licensed MIT at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

✅ dd-llmo-eval-bootstrap

  • Status: Passed
  • Findings: 204
  • Allowed (not blocking): 122
    • MANIFEST_MISSING_LICENSE (Allowed: datadog-labs/agent-skills is licensed MIT at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)
    • ATR_2026_00111 (Allowed: FP: word-fragment matches — summarizing a policy (example intent category), eval_scope (identifier). Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00111 (Allowed: FP: word-fragment matches — summarizing a policy (example intent category), eval_scope (identifier). Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00111 (Allowed: FP: word-fragment matches — summarizing a policy (example intent category), eval_scope (identifier). Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00012 (Allowed: FP: word-fragment matches — integration_account_id, table cells, tool-name fragments like get_llmobs_span_details(trace_id. Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00066 (Allowed: FP: matched Datadog eval-prompt template placeholders — {{input_data}}, {{output_data}}, {{span_input}}, {{meta.input.messages[*].content}}. These are the documented templating syntax for LLM-judge prompts, not injected payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00030 (Allowed: FP: matched run() (SKILL.md:613) inside an example Python experiment-client snippet. Not an attack vector. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00111 (Allowed: FP: word-fragment matches — summarizing a policy (example intent category), eval_scope (identifier). Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00051 (Allowed: FP: matched the prose phrase 'For each' (loop-over-traces guidance). Documentation, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00040 (Allowed: FP: matched the word 'Deploy' in prose 'Deploy to Datadog LLM Experiments' (SKILL.md:729). Documentation step, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00111 (Allowed: FP: word-fragment matches — summarizing a policy (example intent category), eval_scope (identifier). Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00111 (Allowed: FP: word-fragment matches — summarizing a policy (example intent category), eval_scope (identifier). Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00111 (Allowed: FP: word-fragment matches — summarizing a policy (example intent category), eval_scope (identifier). Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00111 (Allowed: FP: word-fragment matches — summarizing a policy (example intent category), eval_scope (identifier). Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00111 (Allowed: FP: word-fragment matches — summarizing a policy (example intent category), eval_scope (identifier). Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00111 (Allowed: FP: word-fragment matches — summarizing a policy (example intent category), eval_scope (identifier). Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00012 (Allowed: FP: word-fragment matches — integration_account_id, table cells, tool-name fragments like get_llmobs_span_details(trace_id. Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00111 (Allowed: FP: word-fragment matches — summarizing a policy (example intent category), eval_scope (identifier). Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00012 (Allowed: FP: word-fragment matches — integration_account_id, table cells, tool-name fragments like get_llmobs_span_details(trace_id. Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00111 (Allowed: FP: word-fragment matches — summarizing a policy (example intent category), eval_scope (identifier). Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00004 (Allowed: FP: matched JSON/code example fragment {role: " in an eval message schema. Documentation/code, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00066 (Allowed: FP: matched Datadog eval-prompt template placeholders — {{input_data}}, {{output_data}}, {{span_input}}, {{meta.input.messages[*].content}}. These are the documented templating syntax for LLM-judge prompts, not injected payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00111 (Allowed: FP: word-fragment matches — summarizing a policy (example intent category), eval_scope (identifier). Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00111 (Allowed: FP: word-fragment matches — summarizing a policy (example intent category), eval_scope (identifier). Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00111 (Allowed: FP: word-fragment matches — summarizing a policy (example intent category), eval_scope (identifier). Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00111 (Allowed: FP: word-fragment matches — summarizing a policy (example intent category), eval_scope (identifier). Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00111 (Allowed: FP: word-fragment matches — summarizing a policy (example intent category), eval_scope (identifier). Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00066 (Allowed: FP: matched Datadog eval-prompt template placeholders — {{input_data}}, {{output_data}}, {{span_input}}, {{meta.input.messages[*].content}}. These are the documented templating syntax for LLM-judge prompts, not injected payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00066 (Allowed: FP: matched Datadog eval-prompt template placeholders — {{input_data}}, {{output_data}}, {{span_input}}, {{meta.input.messages[*].content}}. These are the documented templating syntax for LLM-judge prompts, not injected payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00066 (Allowed: FP: matched Datadog eval-prompt template placeholders — {{input_data}}, {{output_data}}, {{span_input}}, {{meta.input.messages[*].content}}. These are the documented templating syntax for LLM-judge prompts, not injected payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00066 (Allowed: FP: matched Datadog eval-prompt template placeholders — {{input_data}}, {{output_data}}, {{span_input}}, {{meta.input.messages[*].content}}. These are the documented templating syntax for LLM-judge prompts, not injected payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00066 (Allowed: FP: matched Datadog eval-prompt template placeholders — {{input_data}}, {{output_data}}, {{span_input}}, {{meta.input.messages[*].content}}. These are the documented templating syntax for LLM-judge prompts, not injected payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00213 (Allowed: FP: matched the literal words 'system prompt' / 'System Prompt' in prose describing Datadog span fields and eval dimensions. Documentation, not a system-prompt-extraction attack. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00066 (Allowed: FP: matched Datadog eval-prompt template placeholders — {{input_data}}, {{output_data}}, {{span_input}}, {{meta.input.messages[*].content}}. These are the documented templating syntax for LLM-judge prompts, not injected payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00066 (Allowed: FP: matched Datadog eval-prompt template placeholders — {{input_data}}, {{output_data}}, {{span_input}}, {{meta.input.messages[*].content}}. These are the documented templating syntax for LLM-judge prompts, not injected payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00066 (Allowed: FP: matched Datadog eval-prompt template placeholders — {{input_data}}, {{output_data}}, {{span_input}}, {{meta.input.messages[*].content}}. These are the documented templating syntax for LLM-judge prompts, not injected payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00066 (Allowed: FP: matched Datadog eval-prompt template placeholders — {{input_data}}, {{output_data}}, {{span_input}}, {{meta.input.messages[*].content}}. These are the documented templating syntax for LLM-judge prompts, not injected payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00066 (Allowed: FP: matched Datadog eval-prompt template placeholders — {{input_data}}, {{output_data}}, {{span_input}}, {{meta.input.messages[*].content}}. These are the documented templating syntax for LLM-judge prompts, not injected payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00111 (Allowed: FP: word-fragment matches — summarizing a policy (example intent category), eval_scope (identifier). Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00066 (Allowed: FP: matched Datadog eval-prompt template placeholders — {{input_data}}, {{output_data}}, {{span_input}}, {{meta.input.messages[*].content}}. These are the documented templating syntax for LLM-judge prompts, not injected payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00066 (Allowed: FP: matched Datadog eval-prompt template placeholders — {{input_data}}, {{output_data}}, {{span_input}}, {{meta.input.messages[*].content}}. These are the documented templating syntax for LLM-judge prompts, not injected payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00066 (Allowed: FP: matched Datadog eval-prompt template placeholders — {{input_data}}, {{output_data}}, {{span_input}}, {{meta.input.messages[*].content}}. These are the documented templating syntax for LLM-judge prompts, not injected payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00066 (Allowed: FP: matched Datadog eval-prompt template placeholders — {{input_data}}, {{output_data}}, {{span_input}}, {{meta.input.messages[*].content}}. These are the documented templating syntax for LLM-judge prompts, not injected payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00066 (Allowed: FP: matched Datadog eval-prompt template placeholders — {{input_data}}, {{output_data}}, {{span_input}}, {{meta.input.messages[*].content}}. These are the documented templating syntax for LLM-judge prompts, not injected payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00066 (Allowed: FP: matched Datadog eval-prompt template placeholders — {{input_data}}, {{output_data}}, {{span_input}}, {{meta.input.messages[*].content}}. These are the documented templating syntax for LLM-judge prompts, not injected payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00066 (Allowed: FP: matched Datadog eval-prompt template placeholders — {{input_data}}, {{output_data}}, {{span_input}}, {{meta.input.messages[*].content}}. These are the documented templating syntax for LLM-judge prompts, not injected payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00066 (Allowed: FP: matched Datadog eval-prompt template placeholders — {{input_data}}, {{output_data}}, {{span_input}}, {{meta.input.messages[*].content}}. These are the documented templating syntax for LLM-judge prompts, not injected payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00066 (Allowed: FP: matched Datadog eval-prompt template placeholders — {{input_data}}, {{output_data}}, {{span_input}}, {{meta.input.messages[*].content}}. These are the documented templating syntax for LLM-judge prompts, not injected payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00066 (Allowed: FP: matched Datadog eval-prompt template placeholders — {{input_data}}, {{output_data}}, {{span_input}}, {{meta.input.messages[*].content}}. These are the documented templating syntax for LLM-judge prompts, not injected payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00066 (Allowed: FP: matched Datadog eval-prompt template placeholders — {{input_data}}, {{output_data}}, {{span_input}}, {{meta.input.messages[*].content}}. These are the documented templating syntax for LLM-judge prompts, not injected payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00066 (Allowed: FP: matched Datadog eval-prompt template placeholders — {{input_data}}, {{output_data}}, {{span_input}}, {{meta.input.messages[*].content}}. These are the documented templating syntax for LLM-judge prompts, not injected payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00213 (Allowed: FP: matched the literal words 'system prompt' / 'System Prompt' in prose describing Datadog span fields and eval dimensions. Documentation, not a system-prompt-extraction attack. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00066 (Allowed: FP: matched Datadog eval-prompt template placeholders — {{input_data}}, {{output_data}}, {{span_input}}, {{meta.input.messages[*].content}}. These are the documented templating syntax for LLM-judge prompts, not injected payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00091 (Allowed: FP: matched literal \n newline escapes inside JSON/code example blocks. Documentation/code, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00066 (Allowed: FP: matched Datadog eval-prompt template placeholders — {{input_data}}, {{output_data}}, {{span_input}}, {{meta.input.messages[*].content}}. These are the documented templating syntax for LLM-judge prompts, not injected payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00091 (Allowed: FP: matched literal \n newline escapes inside JSON/code example blocks. Documentation/code, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00066 (Allowed: FP: matched Datadog eval-prompt template placeholders — {{input_data}}, {{output_data}}, {{span_input}}, {{meta.input.messages[*].content}}. These are the documented templating syntax for LLM-judge prompts, not injected payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00091 (Allowed: FP: matched literal \n newline escapes inside JSON/code example blocks. Documentation/code, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00066 (Allowed: FP: matched Datadog eval-prompt template placeholders — {{input_data}}, {{output_data}}, {{span_input}}, {{meta.input.messages[*].content}}. These are the documented templating syntax for LLM-judge prompts, not injected payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00091 (Allowed: FP: matched literal \n newline escapes inside JSON/code example blocks. Documentation/code, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00111 (Allowed: FP: word-fragment matches — summarizing a policy (example intent category), eval_scope (identifier). Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00012 (Allowed: FP: word-fragment matches — integration_account_id, table cells, tool-name fragments like get_llmobs_span_details(trace_id. Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00066 (Allowed: FP: matched Datadog eval-prompt template placeholders — {{input_data}}, {{output_data}}, {{span_input}}, {{meta.input.messages[*].content}}. These are the documented templating syntax for LLM-judge prompts, not injected payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00111 (Allowed: FP: word-fragment matches — summarizing a policy (example intent category), eval_scope (identifier). Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00012 (Allowed: FP: word-fragment matches — integration_account_id, table cells, tool-name fragments like get_llmobs_span_details(trace_id. Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00012 (Allowed: FP: word-fragment matches — integration_account_id, table cells, tool-name fragments like get_llmobs_span_details(trace_id. Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00012 (Allowed: FP: word-fragment matches — integration_account_id, table cells, tool-name fragments like get_llmobs_span_details(trace_id. Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00012 (Allowed: FP: word-fragment matches — integration_account_id, table cells, tool-name fragments like get_llmobs_span_details(trace_id. Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00012 (Allowed: FP: word-fragment matches — integration_account_id, table cells, tool-name fragments like get_llmobs_span_details(trace_id. Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00012 (Allowed: FP: word-fragment matches — integration_account_id, table cells, tool-name fragments like get_llmobs_span_details(trace_id. Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00051 (Allowed: FP: matched the prose phrase 'For each' (loop-over-traces guidance). Documentation, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00012 (Allowed: FP: word-fragment matches — integration_account_id, table cells, tool-name fragments like get_llmobs_span_details(trace_id. Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • PG_EXFIL_MARKDOWN_LINK (Allowed: False positive - the flagged pattern is a markdown link template
      [Trace {first_8}...](https://app.datadoghq.com/llm/traces?query=trace_id:{full_32_char_id})
      used by the skill to cite trace evidence to the USER. The destination
      (app.datadoghq.com) is the user's own Datadog SaaS tenant; the encoded
      value is a trace_id surfaced from the user's own LLM Observability data
      — not exfiltrated agent context. The link is rendered for the user to
      click and verify the cited trace, which is the explicit purpose stated
      in the "Show your work" operating rule. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68 (SKILL.md:681).
      )
    • ATR_2026_00012 (Allowed: FP: word-fragment matches — integration_account_id, table cells, tool-name fragments like get_llmobs_span_details(trace_id. Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00012 (Allowed: FP: word-fragment matches — integration_account_id, table cells, tool-name fragments like get_llmobs_span_details(trace_id. Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00012 (Allowed: FP: word-fragment matches — integration_account_id, table cells, tool-name fragments like get_llmobs_span_details(trace_id. Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00012 (Allowed: FP: word-fragment matches — integration_account_id, table cells, tool-name fragments like get_llmobs_span_details(trace_id. Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00012 (Allowed: FP: word-fragment matches — integration_account_id, table cells, tool-name fragments like get_llmobs_span_details(trace_id. Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00012 (Allowed: FP: word-fragment matches — integration_account_id, table cells, tool-name fragments like get_llmobs_span_details(trace_id. Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00012 (Allowed: FP: word-fragment matches — integration_account_id, table cells, tool-name fragments like get_llmobs_span_details(trace_id. Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00066 (Allowed: FP: matched Datadog eval-prompt template placeholders — {{input_data}}, {{output_data}}, {{span_input}}, {{meta.input.messages[*].content}}. These are the documented templating syntax for LLM-judge prompts, not injected payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00010 (Allowed: FP: matched backtick-wrapped upstream tool/CLI names — get_llmobs_evaluator, list_llmobs_eval*, create_or_update_llmobs_eval*, pup llm-obs evals get-eval, /eval. Documentation references to tools the skill instructs the agent to call against the user's own Datadog tenant, not executed payloads. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00012 (Allowed: FP: word-fragment matches — integration_account_id, table cells, tool-name fragments like get_llmobs_span_details(trace_id. Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00012 (Allowed: FP: word-fragment matches — integration_account_id, table cells, tool-name fragments like get_llmobs_span_details(trace_id. Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00012 (Allowed: FP: word-fragment matches — integration_account_id, table cells, tool-name fragments like get_llmobs_span_details(trace_id. Documentation strings, no executable threat. datadog-labs/agent-skills @9bcb3ce.)
    • ATR_2026_00091 (Allowed: FP: matched literal \n newline escapes inside JSON/code example blocks. Documentation/code, no executable threat. datadog-labs/agent-skills @9bcb3ce.)

✅ dd-llmo-eval-session-classify

  • Status: Passed
  • Findings: 4
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: datadog-labs/agent-skills is licensed MIT at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

✅ dd-llmo-eval-trace-rca

  • Status: Passed
  • Findings: 4

✅ dd-llmo-experiment-analyzer

  • Status: Passed
  • Findings: 5
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: datadog-labs/agent-skills is licensed MIT at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

✅ dd-logs

  • Status: Passed
  • Findings: 4
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: datadog-labs/agent-skills is licensed MIT at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

✅ dd-monitors

  • Status: Passed
  • Findings: 3
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: datadog-labs/agent-skills is licensed MIT at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

✅ dd-pup

  • Status: Passed
  • Findings: 4
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: datadog-labs/agent-skills is licensed MIT at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

Summary: Scanned 9 skill(s), all passed security checks. ✅

@renovate
Copy link
Copy Markdown
Contributor Author

renovate Bot commented Jun 1, 2026

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

JAORMX and others added 2 commits June 3, 2026 09:58
@JAORMX @claude
fix(datadog-skills): allowlist scanner FPs and fix validation for 9bc…
673cf02 
…b3ce

The datadog-labs/agent-skills digest bump to 9bcb3ce renamed the dd-llmo
subdirectories, which broke both validate-skills and skill-security-scan
(the scanner could not find the source dir at the old path).

validate-skills / scan source-dir fixes (path renames upstream):
  - dd-llmo-eval-bootstrap:        dd-llmo/eval-bootstrap        -> dd-llmo/llm-obs-eval-bootstrap
  - dd-llmo-eval-session-classify: dd-llmo/eval-session-classify -> dd-llmo/llm-obs-session-classify
  - dd-llmo-eval-trace-rca:        dd-llmo/eval-trace-rca        -> dd-llmo/llm-obs-trace-rca
  - dd-llmo-experiment-analyzer:   dd-llmo/experiment-analyzer   -> dd-llmo/llm-obs-experiment-analyzer
Mappings verified against SKILL.md frontmatter name/description at the new ref.

Scan FP allowlist:
  - dd-apm: COMPOUND_EXTRACT_EXECUTE (HIGH) — matches the documented `pup`
    CLI install snippet (download official datadog-labs/pup release tarball,
    pipe through `tar xz` into /usr/local/bin). Vendor-published install
    instruction, not a hidden malicious archive payload.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@JAORMX @claude
fix(dd-llmo-eval-bootstrap): allowlist new ATR_2026_* scanner FPs at …
05f8353 
…9bcb3ce

After the path was corrected to dd-llmo/llm-obs-eval-bootstrap, the scanner
ran against the new SKILL.md, which grew (~681 -> ~1180 lines) at ref 9bcb3ce
with the added "publish online LLM-judge evaluators" workflow. That section
trips 14 ATR_2026_* rule-pack rules (CRITICAL/HIGH).

All confirmed false positives — substring / word-fragment matches on benign
documentation prose ("become the", "skip this step", "Extract the rule",
"system prompt", "For each", "Deploy") and backtick-wrapped upstream
tool/CLI/template names (get_llmobs_* tools, pup llm-obs evals, {{input_data}}
prompt placeholders). No executable threat; these are docs/code describing how
the agent should operate against the user's own Datadog tenant.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@rdimitrov rdimitrov merged commit f0862ed into main Jun 3, 2026
62 of 64 checks passed
@rdimitrov rdimitrov deleted the renovate/datadog-labs-agent-skills-digest branch June 3, 2026 09:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rdimitrov rdimitrov rdimitrov approved these changes

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rdimitrov @JAORMX