glm-web-search

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt asks the user to provide the GLM API key, reads/saves it to a local JSON and instructs replacing "your-key" in a URL/command (and prints the api_key), which requires including the secret verbatim in generated commands—an explicit exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to call the GLM "webSearchPrime" MCP (via https://open.bigmodel.cn/api/mcp/web_search_prime/...) to fetch web search results (webpage titles, URLs, summaries) from the open internet, which are untrusted third-party contents the agent will read and use for decisions.