glm-master-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to "Open the selected skill's official SKILL.md" from the listed GitHub repositories (e.g., https://github.com/zai-org/GLM-OCR and other repo links), which requires fetching and interpreting public, user-maintained third-party content that could contain executable instructions affecting agent actions.