glmocr-handwriting
Warn
Audited by Snyk on Mar 22, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill accepts arbitrary HTTP/HTTPS image URLs (see SKILL.md "Recognize from URL" and scripts/glm_ocr_cli.py: _is_url -> file_payload = image_source) and returns OCR'd text extracted from those remote, untrusted sources, so third‑party content could embed instructions that the agent would read and act on.
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata