arize-trace

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to run ax spans export / ax traces export to download exported span/trace JSON (into .arize-tmp-traces) that contains user-generated, untrusted fields such as attributes.llm.input_messages, attributes.input.value, attributes.output.value, and attributes.retrieval.documents.contents (described in SKILL.md), so the agent will ingest third‑party content as part of its workflow.