The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from external sources. 1. Ingestion points: The skill retrieves search results and image descriptions from the MiniMax API as described in SKILL.md. 2. Boundary markers: There are no explicit instructions or delimiters used to separate external content from the agent's system prompt or to instruct the agent to ignore instructions within that content. 3. Capability inventory: The agent has the capability to execute subprocesses via curl and base64 as seen in SKILL.md and reference.md. 4. Sanitization: No specific sanitization or filtering of the API responses is performed before the content is returned to the agent.
[COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to perform its primary functions. Evidence: Examples in SKILL.md and reference.md demonstrate the use of curl for API requests and base64 for encoding image files.
[EXTERNAL_DOWNLOADS]: The skill connects to external API endpoints to perform searches and vision tasks. Evidence: Requests are made to api.minimaxi.com and api.minimax.io. These are official endpoints for the MiniMax AI service, which is a well-known service provider.

minimax-search-vlm