datasets

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Phase 1 Discovery explicitly instructs the agent to fetch and analyze production traces via "langwatch trace search" and "langwatch trace get" (real user inputs) and to read user-provided docs, which are untrusted/user-generated content the agent must interpret and use to design datasets — allowing those third-party inputs to materially influence decisions and tool use.