langfuse-observation-view

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The script fetches observation data from the external Langfuse API at ${LANGFUSE_HOST}/api/public/observations/ and directly displays obs.input and obs.output (LLM prompts/responses), which can contain untrusted, user-generated content and thus could enable indirect prompt injection.