agent-observability-trace-rca

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The skill’s runtime LLM context is populated from Datadog trace/span content fetched via MCP tools (e.g., get_llmobs_span_content for messages, documents, input/output), which is not authored by the operating user and can include arbitrary free text from the application/agents; this content is then embedded into the agent’s analysis prompts.