arize-trace

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to run ax spans export / ax traces export to fetch trace/span JSON from Arize (see SKILL.md), and those exported files include untrusted user-generated fields like attributes.llm.input_messages, attributes.input.value, attributes.output.value, and attributes.retrieval.documents.contents which the workflow expects the agent to read and analyze—exposing it to potential indirect prompt injection.