glmv-prd-to-app
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION
EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes Python's `subprocess` module in `scripts/render_page.py` to install necessary development tools like Playwright and the Chromium browser. This is an expected operation for automating visual verification of the generated web application.
- [EXTERNAL_DOWNLOADS]: The skill manages external dependencies by downloading the Playwright library from PyPI and browser binaries from official sources. The deployment template in `SKILL.md` also references standard package managers like `npm` and `pip` for installing application dependencies.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes untrusted user-supplied PRD (Product Requirement Document) files and prototype images to generate code. While malicious instructions within a PRD could influence the generated output, this is an inherent risk factor for code-generation skills and is managed by the agent's underlying safety filters.
  - Ingestion points: `/workspace/prd.md`, `/workspace/prototypes/*` (processed in Phases 0 and 2).
  - Boundary markers: None explicitly defined to ignore embedded instructions in data.
  - Capability inventory: File writing, shell command execution via `start.sh`, and network requests via Playwright.
  - Sanitization: No explicit sanitization of PRD content before code generation.
Audit Metadata