langfuse-observability

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill ingests and analyzes external, user-provided web content — e.g., content = await fetch_content(url) in backend/app/domains/analysis/workflows/content_analysis.py and experiments that iterate dataset items with input URLs (langfuse.get_dataset / run_experiment) — so the agent is expected to read untrusted public URLs that could carry indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly fetches prompts at runtime via the Langfuse API (configured by LANGFUSE_HOST, e.g. https://cloud.langfuse.com) using langfuse.get_prompt()/prompt.compile(), so external content from that URL can directly control agent prompts/instructions.