agno

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes tools and examples that fetch and scrape public web and user-generated content (e.g., Apify/RAG web browser and Apify actors, DuckDuckGoTools, HackerNewsTools, Newspaper4kTools and explicit examples like "Scrape this webpage as markdown" and agent.print_response requests to process URLs), so the agent is expected to ingest and interpret untrusted third-party web/forum content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime examples that fetch and inject external webpage content into the model context — for example, agent.print_response("Summarize the content from https://docs.agno.com/introduction") and knowledge.add_contents(urls=["https://docs.agno.com/introduction/agents.md"]) (via ApifyTools / web-scraping), so the content at https://docs.agno.com/introduction can directly influence prompts and outputs.