glmv-prompt-gen
Warn
Audited by Snyk on May 11, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts arbitrary external image/video URLs: see the SKILL.md examples such as python scripts/prompt_gen.py --images "https://example.com/photo.jpg", and scripts/prompt_gen.py, which builds image_url/video_url entries and sends them to the GLM-V API. The model is required to analyze that untrusted visual content to produce prompts, so third-party/user-provided media could embed instructions that materially influence generated outputs.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime calls to the GLM-V API at https://open.bigmodel.cn/api/paas/v4/chat/completions (API_BASE_URL) and relies on that remote model response (requiring ZHIPU_API_KEY) to produce the prompts returned to users, so external content from that URL directly controls the generated prompts.
Issues (2)
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).