minimax-coding-plan
Fail
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill contains explicit instructions in the Execution Strategy section to override standard safety protocols by directing the agent to execute commands directly and bypass user confirmation loops.
- [DATA_EXFILTRATION]: The understand_image tool allows the use of absolute file paths for local images (e.g., /Users/username/...), which creates a risk of unauthorized access to sensitive system files that could be transmitted to the external API.
- [REMOTE_CODE_EXECUTION]: The script and configuration dynamically download and execute code from public registries using npx and uvx during runtime without integrity checks or version pinning for all components.
- [COMMAND_EXECUTION]: The skill executes shell scripts that perform environment variable substitution and command-line execution, providing a bridge between the LLM and the local shell.
- [EXTERNAL_DOWNLOADS]: Software dependencies are fetched from external sources (NPM and PyPI) at runtime, introducing potential supply chain vulnerabilities.
- [INDIRECT_PROMPT_INJECTION]:
  1. Ingestion points: Outputs from web_search and understand_image.
  2. Boundary markers: None present.
  3. Capability inventory: Shell script execution and local file access.
  4. Sanitization: None identified.
Recommendations
- AI detected serious security threats
Audit Metadata