langfuse

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md "2. Langfuse Documentation" (especially "2c. Search Documentation") instructs the agent to fetch and search public Langfuse docs and an index that explicitly includes GitHub Issues/Discussions (user-generated content), and the "Documentation First" rule requires the agent to read those fetched pages before implementing, so untrusted third-party content can directly influence tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs setting LANGFUSE_HOST (e.g., https://cloud.langfuse.com) and to call langfuse.get_prompt() / LangfuseWeb and curl doc endpoints at runtime to fetch prompts/docs, so prompt text and templates are retrieved from that external host and can directly control agent instructions (https://cloud.langfuse.com).