agentscope-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). SKILL.md Step 1 ("Clone the Repository First") explicitly instructs cloning the public GitHub repo https://github.com/agentscope-ai/agentscope.git and then reading its examples and source as authoritative references, meaning the agent is expected to ingest and act on public third‑party (user-contributed) content that can materially influence its behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs at runtime to "git clone -b main https://github.com/agentscope-ai/agentscope.git", which fetches and brings in remote repository code that the skill then relies on for examples and implementation (and that code can be executed or used to control agent prompts), so this external URL is a required runtime dependency that can execute remote code.