claude-langfuse

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly pulls Langfuse traces containing "all tool invocations with inputs/outputs" and promises to present full timelines and tool inputs/outputs, which would require the agent to include any secret values found in those traces verbatim unless additional redaction is enforced.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly queries the Langfuse API (default https://cloud.langfuse.com) to fetch session traces and user prompts (see SKILL.md and utils/api.py get_traces/get_observations) and utils/reflect.py and utils/insights.py parse those user-generated prompts to detect signals and propose updates to agent files, so untrusted third-party content can directly influence agent behavior.