The Agent Skills Directory

DATA_EXFILTRATION (HIGH): The 'understand_image' tool is explicitly designed to read local file paths, including absolute paths like '/Users/username/Documents/image.png'. The skill documentation confirms it converts these local files to base64 and sends them to a remote API endpoint ('{api_host}/v1/coding_plan/vlm'). This creates a direct path for exfiltrating sensitive local data if an attacker can influence the file paths provided to the tool.
COMMAND_EXECUTION (LOW): The tool performs automated file system reads and network requests based on the 'image_url' parameter, which can be dynamically generated by the agent or provided by a user.
PROMPT_INJECTION (LOW): The skill has a high surface area for indirect prompt injection (Category 8). Ingestion point: 'image_url' parameter (URL or local path). Boundary markers: None specified. Capability inventory: Remote API POST requests and local file reads. Sanitization: None specified. Malicious instructions embedded in images could be extracted via OCR and processed as instructions by the agent.

minimax-image-understanding