traqo-tracing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs downloading and loading .jsonl/.jsonl.gz traces from cloud storage (e.g., "traqo ui s3://bucket/prefix" and aws/gcloud cp examples) and the skill's core workflow parses LLM span inputs/outputs from those trace files — untrusted, user-generated content that the agent reads and uses to drive analysis and follow-up actions, so it could enable indirect prompt injection.