eval-session-classify

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Step 2 requires calling get_llmobs_span_details and reading the evaluations map (including "user-uploaded evaluations" whose prose reasoning can be provided by any external party), and those user-generated evaluation reasonings are explicitly treated as authoritative input that the classifier must read and use—exposing the agent to untrusted third-party content that can influence decisions.