modelscope

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Running actions" and especially "Proxy requests" sections show the agent will call ModelScope APIs via Membrane and ingest data from the public ModelScope platform (user-contributed models/datasets), so it will fetch and interpret untrusted third-party content that could influence subsequent actions.