eval-bootstrap

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly calls get_llmobs_span_content (and related trace/content APIs) to fetch span messages and retrieved "documents" from production traces and then uses those untrusted, user- or web-sourced contents to "ground prompts" and drive evaluator design and code generation, meaning third-party content is read, interpreted, and can materially influence subsequent prompts and actions.