glmv-prompt-gen

Warn

Audited by Snyk on Apr 16, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill accepts arbitrary image and video URLs from the public web (see SKILL.md "Image/Video" URL examples and scripts/prompt_gen.py where process_image(img) and content.append({"type":"image_url", "image_url": {"url": ...}}) / {"type":"video_url", "video_url": {"url": vid}} are sent to the model), so untrusted third‑party visual content is ingested and directly influences prompt generation.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The script calls the external model API at runtime (https://open.bigmodel.cn/api/paas/v4/chat/completions), and the remote response from that URL is directly used as the generated prompt output (the skill requires a ZHIPU_API_KEY), so this external endpoint effectively controls the skill's prompts.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 16, 2026, 02:44 AM
Issues: 2