eval-trace-rca

Fail

Audited by Snyk on Apr 16, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to fetch and quote span content, messages, tool inputs, and "before/after" prompt text from traces without any redaction rules, which would require including sensitive values (API keys, tokens, passwords) verbatim if they appear in those traces.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly calls get_llmobs_span_content for "messages" and "documents" (e.g., Phase 4b: "get_span_content(field='documents') on sibling retrieval spans" and fetching $.messages[0]) which causes the agent to ingest arbitrary user-provided conversation content and RAG-retrieved documents (potentially public/untrusted third‑party content) and to base root-cause conclusions and remediation actions on that content.

Issues (2)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: HIGH
Analyzed: Apr 16, 2026, 01:10 PM
Issues: 2