ai-observability-promptfoo

Warn

Audited by Snyk on Apr 7, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly supports ingesting arbitrary external content via HTTP providers and custom RAG providers (see "HTTP Provider (No Code)" in examples/custom-providers.md and the RAG custom provider in examples/custom-providers.md / SKILL.md where docs are retrieved and concatenated into prompts), so the agent can read untrusted public URLs/documents that may contain instructions influencing its LLM prompts and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The CI and usage examples run "npx promptfoo@latest" which fetches and executes the remote promptfoo npm package (https://www.npmjs.com/package/promptfoo) at runtime — a remote package that directly controls prompt evaluation and test execution and is presented as the required way to run evaluations.

Issues (2)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 7, 2026, 01:31 AM
Issues: 2