glmv-prd-to-app

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The scripts (scripts/render_page.py) call subprocess to run "pip install playwright" and "playwright install chromium", which at runtime fetches and installs remote packages/binaries from PyPI (e.g. https://pypi.org/) and thereby downloads and executes remote code required for the skill to run.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly requires a self-contained start.sh that installs system-wide dependencies (Node, Python, PostgreSQL), sets up/reset databases, and otherwise modifies system state (implying use of sudo/system package installs), so it pushes the agent to change the host machine.