glmv-web-replication

SUSPICIOUS. The skill’s core behavior is mostly consistent with its stated purpose, and its dependencies appear to be official tools rather than unknown binaries. However, it grants broad automation for recursively exploring and reproducing external websites, relies on user-asserted authorization only, and combines untrusted web content ingestion with write-capable agent behavior, making indirect prompt-injection and misuse risks material. Not malicious on its face, but medium risk as an AI agent skill.