glmv-prd-to-app
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The scripts/render_page.py utility automatically installs the 'playwright' package and the Chromium browser from official registries if they are not detected in the environment. These are downloads from a well-known and trusted technology provider.
- [REMOTE_CODE_EXECUTION]: The skill uses subprocess.run to execute package installation commands (pip install, playwright install) at runtime to ensure the visual verification environment is prepared.
- [COMMAND_EXECUTION]: The instructions guide the agent to generate and execute a start.sh script to manage the deployment of the created application, which involves installing system dependencies and starting local web servers.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) because it processes untrusted requirements from an external file to drive complex operations like system design and code generation.
  - Ingestion points: The agent is instructed to read requirements and specifications from /workspace/prd.md.
  - Boundary markers: The instructions lack specific delimiters or guardrails to prevent the agent from following malicious instructions potentially embedded within the PRD document.
  - Capability inventory: The skill possesses the capability to execute shell commands, write application code to the file system, and perform network requests for testing.
  - Sanitization: Content from the requirement documents is processed without validation or sanitization before being used to influence the implementation logic.
Audit Metadata