minimax-music-playlist

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's build_taste_profile.py explicitly queries the public MusicBrainz API (https://musicbrainz.org/ws/2/artist/...) (and can also call the MiniMax chat API) to fetch artist genre/mood data, and those external responses are parsed into taste_profile.json which is then directly used by generate_playlist.py to construct prompts and drive music-generation/playback actions—exposing the agent to untrusted third-party content that can influence behavior.