glmv-caption
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted media and documents from local paths or URLs, creating an attack surface for indirect prompt injection where instructions embedded in images or files could influence the AI's response.
- Ingestion points: Untrusted data enters the agent context through the
--images,--videos, and--filescommand-line arguments inscripts/glmv_caption.py. - Boundary markers: No explicit delimiters or instruction-ignore warnings are used when passing content to the multimodal model.
- Capability inventory: The skill performs network operations via
requests.postto the ZhiPu API endpoint. - Sanitization: The script performs validation on file extensions and sizes, but does not sanitize the content of the media for potential instructions.
- [EXTERNAL_DOWNLOADS]: The script communicates with
open.bigmodel.cn, which is the official and well-known API endpoint for the ZhiPu AI service. - [COMMAND_EXECUTION]: The skill uses a local Python script (
scripts/glmv_caption.py) to handle media processing and API communication. This is the primary intended mechanism of the skill.
Audit Metadata