modelscope

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to connect to the public ModelScope platform via Membrane (e.g., "membrane connect --connectorKey modelscope" and "membrane action list --connectionId=...") and to fetch action descriptions, input/output schemas, datasets and model metadata from that open, user-contributed site, which the agent is expected to read and use to decide and run actions—allowing untrusted third-party content to influence behavior.