glm-understand-image

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill asks the user for their GLM API key and instructs embedding it verbatim into files and CLI commands (e.g., echoing to a JSON file and using --env "your-key"), which requires the agent to handle and output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md (Step 6.1/6.2 and examples) explicitly accepts image_source as an arbitrary URL and calls tools like analyze_image and extract_text_from_screenshot that ingest and interpret image content from public websites, so untrusted third‑party images (including embedded text) could influence analysis and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill config adds and runs a remote npm package at runtime via the command "npx -y @z_ai/mcp-server", which will fetch and execute remote code and is required for the MCP server functionality.