vision-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to fetch setup instructions and documentation from the vendor's official domain (minimaxi.com).
- [EXTERNAL_DOWNLOADS]: It provides instructions to utilize the 'minimax-coding-plan-mcp' package via the 'uvx' tool, which is a standard method for executing vendor-provided MCP servers.
- [COMMAND_EXECUTION]: Provides command-line examples for configuring Model Context Protocol (MCP) servers in developer environments such as Claude Code, Cursor, and OpenCode. These commands are intended for manual environment setup by the user.
- [DATA_EXFILTRATION]: Instructions involve configuring the 'MINIMAX_API_KEY' and 'MINIMAX_API_HOST' environment variables. This is the standard procedure for authenticating with the vendor's vision analysis API and does not involve exfiltration to unauthorized parties.
- [PROMPT_INJECTION]: The skill facilitates image analysis and Optical Character Recognition (OCR), which presents a surface for indirect prompt injection if images contain text intended to override agent behavior.
- Ingestion points: Image file paths and URLs (SKILL.md).
- Boundary markers: No specific delimiters are used in the provided prompt templates to isolate extracted text from instructions.
- Capability inventory: The skill utilizes the 'MiniMax_understand_image' tool for visual analysis and text extraction.
- Sanitization: No explicit sanitization or validation of the text extracted from images is implemented within the skill instructions.
Audit Metadata