langfuse-observability

Warn

Audited by Snyk on Apr 29, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to query a Langfuse instance (e.g., via curl to "$LANGFUSE_HOST/api/public/traces" and "$LANGFUSE_HOST/api/public/observations", including "Get trace input/output"). These queries pull potentially user-generated, untrusted trace and LLM input/output data from a cloud or public host; the agent reads that data, and it could be used to influence the agent's actions.

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Apr 29, 2026, 06:27 PM
  • Issues: 1