langfuse-trace-view

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). This script fetches and displays trace and observation data from a third-party Langfuse host (LANGFUSE_HOST → /api/public/traces/ and /api/public/observations?traceId=...) and directly prints trace.input, trace.output and observation.input/output, which can contain untrusted, user-generated content that could embed indirect prompt injections.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 01:10 AM