minimax-image-understand

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts arbitrary HTTP/HTTPS image URLs (see SKILL.md usage "python3 image_understand.py <图片路径或URL>") and scripts/image_understand.py (which sets MINIMAX_API_RESOURCE_MODE=url and passes the URL to the MCP tool) so the agent will fetch and interpret untrusted third‑party images that can materially influence outputs and follow‑on behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill configures MINIMAX_API_HOST=https://api.minimaxi.com and uses the mcp ClientSession/stdio client to call the remote tool "understand_image" at runtime, so it relies on that external host to execute remote code and produce prompts/responses.