phoenix-tracing
Warn
Audited by Snyk on May 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). This skill's required workflows and examples explicitly show ingesting external, user-generated or public content (e.g., RETRIEVER spans with retrieval.documents.* including metadata.url like "wiki.org" in references/span-retriever.md and explicit HTTP fetch examples such as requests.get("https://api.weather.com/...") in references/instrumentation-manual-python.md), and instruct capturing/using those inputs/outputs in spans and evaluators so that untrusted third-party content can influence subsequent decisions and tool calls.
Issues (1)
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).