ai-observability-langfuse

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and uses external prompts and dataset items from the Langfuse service (e.g., langfuse.prompt.get in examples/prompt-management.md and dataset.get/runExperiment in examples/scores-datasets.md), which pulls untrusted/user-managed third-party content that is compiled into LLM inputs and can therefore indirectly inject instructions that influence tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill uses the Langfuse client to fetch versioned prompts at runtime from the Langfuse API (default LANGFUSE_BASE_URL=https://cloud.langfuse.com), meaning remote content from that URL can directly control prompts injected into LLM calls.