langfuse-session-view

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The script fetches and prints session and trace data directly from a third-party Langfuse host (requests to ${LANGFUSE_HOST}/api/public/sessions/ and ${LANGFUSE_HOST}/api/public/traces?...), which can contain untrusted, user-generated content from sessions and therefore could enable indirect prompt injection.