agentscope
Warn
Audited by Snyk on Feb 26, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly documents and demonstrates ReAct/tool-using agents that call built-in web tools (e.g., web_search, web_fetch, web_browse in references/tools-mcp.md). SKILL.md itself warns about "indirect prompt injection" when using tools that fetch content from external sources. The agent is therefore expected to fetch and interpret untrusted public web content as part of its workflow.
Audit Metadata