Skip to content

chore(deps): update datadog-labs/agent-skills digest to 1f3645f#590

Merged
samuv merged 1 commit intomainfrom
renovate/datadog-labs-agent-skills-digest
Apr 30, 2026
Merged

chore(deps): update datadog-labs/agent-skills digest to 1f3645f#590
samuv merged 1 commit intomainfrom
renovate/datadog-labs-agent-skills-digest

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Apr 30, 2026

This PR contains the following updates:

Package Update Change
datadog-labs/agent-skills digest 318f1ef1f3645f

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 30, 2026

🛡️ Skill Security Scan Results

❌ dd-apm

  • Status: Failed
  • Findings: 5
  • Blocking: 1

Blocking issues:

  • [COMPOUND_EXTRACT_EXECUTE] (HIGH) An archive is extracted and its contents are then executed. This pattern can deliver and run malicious payloads hidden in archives. (k8s-ssi/agent-install/SKILL.md:67)

Allowlisted (not blocking):

  • MANIFEST_MISSING_LICENSE (Allowed: datadog-labs/agent-skills is licensed MIT at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

✅ dd-docs

  • Status: Passed
  • Findings: 4
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: datadog-labs/agent-skills is licensed MIT at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

✅ dd-llmo-eval-bootstrap

  • Status: Passed
  • Findings: 167
  • Allowed (not blocking): 163
    • MANIFEST_MISSING_LICENSE (Allowed: datadog-labs/agent-skills is licensed MIT at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_SUPPLY_CHAIN_POISONING (Allowed: False positive - matches eval ( on SKILL.md:353 inside an example
      Python evaluator function signature. Not a supply-chain payload.
      Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • PG_EXFIL_MARKDOWN_LINK (Allowed: False positive - the flagged pattern is a markdown link template
      [Trace {first_8}...](https://app.datadoghq.com/llm/traces?query=trace_id:{full_32_char_id})
      used by the skill to cite trace evidence to the USER. The destination
      (app.datadoghq.com) is the user's own Datadog SaaS tenant; the encoded
      value is a trace_id surfaced from the user's own LLM Observability data
      — not exfiltrated agent context. The link is rendered for the user to
      click and verify the cited trace, which is the explicit purpose stated
      in the "Show your work" operating rule. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68 (SKILL.md:681).
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_CROSS_AGENT_ATTACK (Allowed: False positive - matches run() on SKILL.md:537 inside example Python
      code (likely evaluator.run() or similar). Not multi-agent attack
      traffic. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: False positive (54 hits) - matches backtick-wrapped tool names and
      code patterns in SKILL.md: BaseEvaluator, LLMJudge, search_llmobs_spans,
      get_llmobs_span_details, list_llmobs_evals, get_llmobs_eval_*,
      query, python code blocks, @evaluations.custom.<eval_name>:*.
      These are documentation references to upstream API/tool names that
      the skill instructs the agent to use against the user's Datadog
      tenant — not MCP tool responses being executed. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • PG_EXFIL_MARKDOWN_LINK (Allowed: False positive - the flagged pattern is a markdown link template
      [Trace {first_8}...](https://app.datadoghq.com/llm/traces?query=trace_id:{full_32_char_id})
      used by the skill to cite trace evidence to the USER. The destination
      (app.datadoghq.com) is the user's own Datadog SaaS tenant; the encoded
      value is a trace_id surfaced from the user's own LLM Observability data
      — not exfiltrated agent context. The link is rendered for the user to
      click and verify the cited trace, which is the explicit purpose stated
      in the "Show your work" operating rule. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68 (SKILL.md:681).
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive (104 hits) - regex matches on word fragments Eval,
      eval, Pay/pay (in "Payload") in a skill whose explicit purpose
      is to bootstrap LLM evaluators. The terms appear constantly in
      legitimate domain context (BaseEvaluator, LLMJudge, eval suite,
      evaluation traces, etc.). They are documentation strings, not tool
      invocations. Verified at digest 98343f304cbd4439b3d7640cfe64f78070e44d68.
      )

✅ dd-llmo-eval-session-classify

  • Status: Passed
  • Findings: 5
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: datadog-labs/agent-skills is licensed MIT at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

✅ dd-llmo-eval-trace-rca

  • Status: Passed
  • Findings: 3
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: datadog-labs/agent-skills is licensed MIT at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

✅ dd-llmo-experiment-analyzer

  • Status: Passed
  • Findings: 4
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: datadog-labs/agent-skills is licensed MIT at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

✅ dd-logs

  • Status: Passed
  • Findings: 3
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: datadog-labs/agent-skills is licensed MIT at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

✅ dd-monitors

  • Status: Passed
  • Findings: 3
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: datadog-labs/agent-skills is licensed MIT at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

✅ dd-pup

  • Status: Passed
  • Findings: 12
  • Allowed (not blocking): 8
    • MANIFEST_MISSING_LICENSE (Allowed: datadog-labs/agent-skills is licensed MIT at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive - matches on the word delete in the SKILL.md command
      reference, where the skill documents official pup CLI subcommands
      (e.g., pup obs-pipelines delete, pup llm-obs experiments delete,
      pup cost aws-config delete). These are documented Datadog CLI
      subcommands a user explicitly runs against their own Datadog tenant,
      not autonomous high-risk tool calls. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive - matches on the word delete in the SKILL.md command
      reference, where the skill documents official pup CLI subcommands
      (e.g., pup obs-pipelines delete, pup llm-obs experiments delete,
      pup cost aws-config delete). These are documented Datadog CLI
      subcommands a user explicitly runs against their own Datadog tenant,
      not autonomous high-risk tool calls. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive - matches on the word delete in the SKILL.md command
      reference, where the skill documents official pup CLI subcommands
      (e.g., pup obs-pipelines delete, pup llm-obs experiments delete,
      pup cost aws-config delete). These are documented Datadog CLI
      subcommands a user explicitly runs against their own Datadog tenant,
      not autonomous high-risk tool calls. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive - matches on the word delete in the SKILL.md command
      reference, where the skill documents official pup CLI subcommands
      (e.g., pup obs-pipelines delete, pup llm-obs experiments delete,
      pup cost aws-config delete). These are documented Datadog CLI
      subcommands a user explicitly runs against their own Datadog tenant,
      not autonomous high-risk tool calls. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive - matches on the word delete in the SKILL.md command
      reference, where the skill documents official pup CLI subcommands
      (e.g., pup obs-pipelines delete, pup llm-obs experiments delete,
      pup cost aws-config delete). These are documented Datadog CLI
      subcommands a user explicitly runs against their own Datadog tenant,
      not autonomous high-risk tool calls. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive - matches on the word delete in the SKILL.md command
      reference, where the skill documents official pup CLI subcommands
      (e.g., pup obs-pipelines delete, pup llm-obs experiments delete,
      pup cost aws-config delete). These are documented Datadog CLI
      subcommands a user explicitly runs against their own Datadog tenant,
      not autonomous high-risk tool calls. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive - matches on the word delete in the SKILL.md command
      reference, where the skill documents official pup CLI subcommands
      (e.g., pup obs-pipelines delete, pup llm-obs experiments delete,
      pup cost aws-config delete). These are documented Datadog CLI
      subcommands a user explicitly runs against their own Datadog tenant,
      not autonomous high-risk tool calls. Verified at digest
      98343f304cbd4439b3d7640cfe64f78070e44d68.
      )

Summary: Scanned 9 skill(s), found 1 blocking issue(s).

⚠️ Action Required: Review the blocking findings. Add a justified entry to the skill's security.allowed_issues[] in its spec.yaml if the finding is a false positive.

@samuv samuv merged commit 52e0d90 into main Apr 30, 2026
30 of 32 checks passed
@samuv samuv deleted the renovate/datadog-labs-agent-skills-digest branch April 30, 2026 14:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@samuv samuv samuv approved these changes

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@samuv