glmv-prd-to-app

SUSPICIOUS: the skill’s purpose broadly matches app-building, but its footprint is powerful and only loosely constrained. Main concerns are autonomous execution of generated setup/install scripts and prompt-injection risk from untrusted PRD/prototype materials combined with write/exec capability; there is no clear evidence of credential theft or malicious exfiltration.