monitoring-observability

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly fetches and analyzes arbitrary URLs (e.g., run_content_analysis calls fetch_content(url) in examples/orchestkit-langfuse-traces.md and Agent Observability shows a web_search tool), so the agent ingests untrusted public web content that can influence multi-agent routing, analysis, and subsequent tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill uses the Langfuse client at LANGFUSE_HOST (e.g. https://cloud.langfuse.com) at runtime and explicitly references runtime prompt management (get_client().get_prompt(), creating/storing prompts in the Langfuse UI), so fetched content from that URL can directly control agent prompts and is a required dependency.