glmv-doc-based-writing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill accepts arbitrary document URLs (see SKILL.md examples and scripts/doc_based_writing.py which build "file_url" entries from --files HTTP/HTTPS URLs) and sends those third‑party files to the model to be read and used to produce output, so untrusted user-provided web content can influence model behavior and enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The script requires user-supplied document URLs (file_url entries) — e.g., any https://... document URL provided via the --files parameter — which are sent to the GLM API and fetched at runtime and injected into the model context, so remote content can directly control prompts and is a required dependency.