phoenix-tracing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow/docs (e.g., references/span-retriever.md and references/fundamentals-universal-attributes.md) explicitly instruct capturing and using retrieval.documents.{i}.document.content (with metadata.url) in RAG pipelines and evaluators—and instrumentation examples (references/instrumentation-manual-python.md) show external requests (requests.get) — meaning the agent ingests and acts on untrusted, third-party document/API content that can materially influence LLM behavior.