braintrust-tracing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs querying the Braintrust API (default BRAINTRUST_API_URL=https://api.braintrust.dev) via scripts/braintrust_analyze.py to fetch session traces and tool_input.prompt/tool_output (user-generated session content), and the guide describes reading and correlating that content to drive tracing and linking decisions, so the agent will ingest untrusted third-party session data.