Back to skill

Security audit

GLM-V-Prompt-Gen

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it uses a Zhipu API key to send user-selected images or video URLs to GLM-V and return prompt text.

Install only if you are comfortable giving this skill a Zhipu API key and sending selected images or video URLs to Zhipu for analysis. Avoid using private or sensitive media unless you accept that external processing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • System Prompt LeakageDirect Leakage, Indirect Extraction, Tool-Based Exfiltration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill declares required environment variables and documents file output and remote URL usage, but it does not explicitly declare corresponding permissions. This mismatch can hide the skill's true capabilities from reviewers and users, reducing transparency around access to secrets, filesystem writes, and outbound network requests.

Vague Triggers

Medium
Confidence
74% confidence
Finding
The invocation triggers include broad phrases such as generic prompt-generation terms that may overlap with normal user requests. Overbroad activation can cause the skill to run unexpectedly, sending user-provided images, videos, or text to an external model when the user did not clearly intend to invoke this specific skill.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The tool transmits user-supplied images or video URLs to an external API, but the CLI provides no explicit warning or consent checkpoint before uploading potentially sensitive visual content. In a prompt-generation skill, users may reasonably assume local analysis, so silent transmission can lead to unintended disclosure of private media or sensitive URLs.

Direct Prompt Extraction

High
Category
System Prompt Leakage
Content
> ⚠️ Images and videos cannot be used in the same request.
> ⚠️ Videos only support URLs — local paths and base64 are NOT supported.

### 📋 Output Display Rules (MANDATORY)

After running the script, **you must display the full prompt output exactly as returned**. Do not summarize, truncate, or only say "prompt generated". Users need the complete prompt (especially the English prompt) for direct copy/paste.
Confidence
91% confidence
Finding
Display Rules

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.