glmocr-formula

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill explicitly accepts arbitrary remote URLs (see "Local file & URL" in SKILL.md and the CLI --file-url handling in scripts/glm_ocr_cli.py) and sends those third‑party images/PDFs to the GLM‑OCR API for text extraction, meaning untrusted, user-provided web content is ingested and returned as text the agent will read and act on.