glmocr

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes an explicit setup command that passes the API key as a command-line argument (--api-key YOUR_KEY), which is an insecure pattern that would require the LLM to handle or output the secret value verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill accepts arbitrary public URLs as input (see scripts/glm_ocr_cli.py --file-url and extract_text handling of URL payloads) and returns the OCR'd "text" from those untrusted third-party resources for the agent to read/interpret, which can enable indirect prompt-injection via instructions embedded in images/pages.