minimax-coding-plan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md defines a web_search tool that performs searches of the open web and returns search result links/snippets (and also accepts image URLs for understand_image), meaning the agent will ingest untrusted public third‑party content from arbitrary websites as part of its workflow, allowing that content to influence decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The exec script invokes "npx -y mcp-to-skill@0.2.2 ..." which will fetch and execute the mcp-to-skill package from the npm registry at runtime, meaning remote code is fetched and executed as a required dependency (npx/mcp-to-skill@0.2.2).