glm-web-search

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to download and execute the mcporter utility from the npm registry to manage MCP server connections.
  • [COMMAND_EXECUTION]: Several shell commands are executed to set up the environment, including creating directories with mkdir, writing configuration files with cat, and using a Python one-liner to parse JSON data.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it retrieves untrusted content from the internet through the search tool.
      • Ingestion points: Data returned by the webSearchPrime search tool in SKILL.md.
      • Boundary markers: No specific delimiters or warnings are defined to prevent the agent from executing instructions found in search results.
      • Capability inventory: The agent has the ability to make network requests (via the search service) and execute local commands (via the mcporter CLI).
      • Sanitization: No sanitization or safety checks are implemented for the external data fetched during searches.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 02:35 PM