minimax-prompt
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits user-provided content to the MiniMax API at
api.minimax.io. This is the documented and primary purpose of the skill, utilizing the official service endpoint. - [PROMPT_INJECTION]: The skill processes untrusted data from CLI arguments and standard input, which is then passed to an external LLM. This presents a vulnerability surface for indirect prompt injection.
- Ingestion points: Data enters the agent context through command-line arguments and standard input (stdin) via the
minimax-promptCLI wrapper. - Boundary markers: The skill does not implement delimiters or explicit 'ignore embedded instructions' warnings when interpolating data into the LLM prompt.
- Capability inventory: The skill possesses network communication capabilities (via
curl) and executes a local binary (minimax-prompt). - Sanitization: No input validation or sanitization of the user-provided content is performed before transmission to the API.
Audit Metadata