minimax-image-understand
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The script scripts/image_understand.py uses uvx to execute minimax-coding-plan-mcp, which downloads and runs a package from an external registry. Because this package is not from a trusted organization or repository, it poses a risk of executing unverified code.
- REMOTE_CODE_EXECUTION (HIGH): The use of uvx involves the runtime download and execution of remote code packages.
- COMMAND_EXECUTION (MEDIUM): The skill utilizes mcp.StdioServerParameters to execute the uvx command as a subprocess.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection.
  1. Ingestion points: image_source and prompt in scripts/image_understand.py.
  2. Boundary markers: Absent.
  3. Capability inventory: Subprocess execution (uvx) in scripts/image_understand.py.
  4. Sanitization: Absent.
Recommendations
- AI detected serious security threats