glmv-web-replication

The skill’s capabilities mostly match its stated purpose: public-site browsing, screenshot capture, asset download, and local blueprint generation for frontend replication. The main concerns are medium-risk transitive dependency trust and the high-volume processing of untrusted web content while having file-write capability, which could expose the agent to indirect prompt injection. Overall this is better classified as SUSPICIOUS than benign due to those execution and content-ingestion risks, but there is no strong evidence of credential harvesting, covert exfiltration, or confirmed malicious intent.