minimax-image-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests images from arbitrary HTTP/HTTPS URLs (see SKILL.md "HTTP/HTTPS URL" and scripts/analyze.ts → processImageUrl which uses fetch to download remote images), and those images (including any embedded text) are parsed and returned as analysis—so untrusted third-party content can supply instructions that influence downstream behavior.