phoenix-tracing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's instrumentation and RETRIEVER span docs (rules/span-retriever.md and instrumentation-auto-.md) explicitly capture and store retrieval.documents. (document.content and metadata.url) and the fundamentals docs state input.value/output.value are displayed and accessible in Phoenix, so the agent will ingest and present untrusted/public third-party content (retrieved documents/URLs) as part of its workflow.