glmv-web-replication

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted content from arbitrary external websites.
  • Ingestion points: Data enters the agent's context through agent-browser open and agent-browser snapshot commands used to crawl user-provided target URLs.
  • Boundary markers: Absent. No specific delimiters are defined in the instructions to separate untrusted website content from the agent's core logic.
  • Capability inventory: The skill uses Bash for file operations and curl downloads, and agent-browser for navigation and JavaScript evaluation.
  • Sanitization: Absent. There are no mechanisms for filtering or sanitizing external content before it is used to generate the replication blueprint.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to manage directory structures and download assets via curl. These operations rely on external URLs, which could be manipulated if the agent has been compromised by malicious website content.
  • [EXTERNAL_DOWNLOADS]: The workflow requires downloading media assets and SVG source code from arbitrary remote servers, involving network operations to potentially untrusted domains.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 2, 2026, 03:15 AM