Skills
skills/zai-org/glm-skills/glm-image-gen/Gen Agent Trust Hub

glm-image-gen

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill is an official-style wrapper for the ZhiPu GLM-Image API, providing text-to-image generation through a well-defined CLI script.
  • [COMMAND_EXECUTION]: The skill executes a local Python script (scripts/glm_image_cli.py) using standard libraries to interact with the ZhiPu AI platform.
  • [EXTERNAL_DOWNLOADS]: The script communicates with the official ZhiPu AI API endpoint (https://open.bigmodel.cn/api/paas/v4/images/generations) and supports downloading generated images to local paths specified via the --save argument.
  • [PROMPT_INJECTION]: The skill ingests user-provided text prompts as input for image generation. Ingestion point: the --prompt argument in scripts/glm_image_cli.py. Boundary markers: Absent in prompt interpolation. Capability inventory: network access via urllib.request and file system writes via open() in scripts/glm_image_cli.py. Sanitization: Handled by the ZhiPu API's internal content safety filters, which the skill monitors via the content_filter response field.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 02:45 AM
Security Audit — agent-trust-hub — glm-image-gen