glmv-resume-screen

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE

Findings: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads resume files from arbitrary URLs provided in the --files argument for processing. While this is core functionality, it involves fetching untrusted content from the public internet.
  • [DATA_EXFILTRATION]: The script scripts/resume_screen.py has the capability to read local files from the filesystem. If a local path is provided via the --files argument, the script reads the content (restricted to .pdf files) and transmits it as base64-encoded images to the ZhiPu API. This represents a potential exposure vector for sensitive local documents if the agent is directed to access unintended paths.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8):
      ◦ Ingestion points: Resume content is ingested from remote URLs or local files via the files list in scripts/resume_screen.py.
      ◦ Boundary markers: The skill does not use explicit boundary markers or instructions to the model to ignore potential commands embedded within the resumes.
      ◦ Capability inventory: The skill uses requests.post to send data to the ZhiPu API and can write evaluation results to a local file using the --output flag.
      ◦ Sanitization: There is no sanitization or filtering of the resume content before it is passed to the multimodal model for evaluation.
Audit Metadata
Risk Level
SAFE
Analyzed
May 11, 2026, 04:13 AM