llm-evaluator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill reads and evaluates user-generated traces and datasets from Langfuse (e.g., HTTP requests to {LF_API}/traces and lf.get_dataset(dataset_name)), then passes trace "input" and "output" content to the judge LLM, exposing the agent to arbitrary/untrusted third-party content.