agent-observability-eval-bootstrap

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). In publish mode, the skill calls Datadog MCP tools like search_llmobs_spans / get_llmobs_span_content to ingest production span JSON (including user/assistant messages) into the agent’s LLM context for evaluator proposal; this is outsider-authored free text because it includes end-user and model-generated conversation content from production traces that the operating user did not author.