glm-understand-image

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). 该技能指示向用户索要智谱 API Key 并在示例中将其嵌入到配置文件（heredoc）和 mcporter 命令行的 --env 参数中，要求将密钥明文逐字包含在生成的命令/文件中，存在高风险的密钥外泄。

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's runtime workflow (Steps 6.1–6.2 in SKILL.md) accepts image_source as a URL (e.g., "https://example.com/image.jpg") and calls the GLM MCP to analyze those images, meaning the agent will fetch and interpret arbitrary public/third‑party images which can contain user-generated content or embedded instructions that could influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs running npx -y @z_ai/mcp-server (fetched from https://registry.npmjs.org/@z_ai/mcp-server) and npx -y mcporter (https://registry.npmjs.org/mcporter) during setup, which fetches and executes remote code at runtime that the skill depends on.