langfuse

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs reading API keys from .env and building curl commands that include Basic Auth (-u "pk-lf...:sk-lf...") and example secrets, which requires the agent to insert secret values verbatim into generated commands/outputs, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly tells the agent to call Langfuse REST endpoints (e.g., GET /api/public/traces, /observations, /comments and the Docs MCP) to fetch trace inputs/outputs, observations, prompts and comments—user-generated/untrusted content that the agent is expected to read and use when debugging or taking next actions, creating a clear indirect prompt-injection surface.