minimax-web-search

Warn

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The file "scripts/web_search.py" uses "uvx" to run "minimax-coding-plan-mcp". "uvx" is a command-line tool that downloads and runs Python packages in temporary environments. This creates a dependency on an external package from a registry that is not part of the trusted organization list.
  • REMOTE_CODE_EXECUTION (MEDIUM): By using "uvx", the skill executes third-party code downloaded at runtime. While this is a standard pattern for MCP (Model Context Protocol) tools, the execution of unverified remote code is a security risk.
  • COMMAND_EXECUTION (LOW): The skill spawns a subprocess using "StdioServerParameters" in "scripts/web_search.py". It passes arguments as a list, which is a secure practice to prevent shell injection, but the capability to execute local commands (via "env" and "uvx") is core to its operation.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection as it processes untrusted data from the web.
      • Ingestion points: Search result titles and snippets returned by the "web_search" tool in "scripts/web_search.py".
      • Boundary markers: Absent; search results are returned as raw text strings without delimiters or instructions to ignore embedded commands.
      • Capability inventory: The skill possesses the ability to execute subprocesses via the MCP server it spawns.
      • Sanitization: Absent; no escaping or filtering is applied to the retrieved web content before it is passed to the agent context.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 20, 2026, 12:30 PM