VLM
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUM
Tags: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The script imports 'z-ai-web-dev-sdk', which is an unknown dependency from an untrusted source. This presents a potential supply chain risk as the package integrity and safety cannot be verified.
- [Data Exposure & Exfiltration] (LOW): The skill performs network operations (image retrieval and API calls) involving 'cdn.bigmodel.cn', a domain not present on the trusted whitelist. While no sensitive local data access was observed, external network calls to non-whitelisted targets are flagged.
- [Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection via the image URL and text prompt inputs. Ingestion points: Untrusted 'prompt' and 'imageUrl' parameters in 'scripts/vlm.ts'. Boundary markers: Absent; user-controlled content is interpolated directly into the message array without delimiters. Capability inventory: Network access to vision model APIs. Sanitization: No input validation or filtering is performed on user inputs.
Audit Metadata