glmocr
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill processes documents such as images and PDFs from external sources, creating a surface for indirect prompt injection. Malicious text embedded within a processed document could attempt to influence the agent's behavior. Ingestion points: scripts/glm_ocr_cli.py (via --file and --file-url arguments). Boundary markers: Absent. Capability inventory: Network requests via the requests library and local file system read access. Sanitization: Absent.
- [COMMAND_EXECUTION]: The skill requires the execution of local Python scripts, specifically scripts/config_setup.py for API key configuration and scripts/glm_ocr_cli.py for performing OCR tasks.
- [DATA_EXFILTRATION]: The skill reads local files and transmits their content to the Zhipu AI API at open.bigmodel.cn. This is the primary intended functionality of the skill and targets a well-known service provider.