minimax-understand-image

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to ask the user for the MiniMax API key and then embed that key verbatim into commands/files (and to cat the stored key), which requires the LLM to handle and output secret values directly.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). Most URLs point to benign resources or official PyPI mirrors (pypi.tuna.tsinghua.edu.cn, mirrors.aliyun.com) or an image, but the skill instructs running a remote install script via "curl ... | sh" from astral.sh (an unverified domain) — executing such a fetched shell script without verification is a high-risk distribution vector for malware, so the collection should be treated as suspicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly accepts arbitrary image URLs (SKILL.md step 4.1) and the script scripts/understand_image.py passes the image_source to the MiniMax MCP for analysis, meaning the agent fetches and interprets untrusted, user-hosted content (images and any embedded text) that could materially influence subsequent decisions or tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's installation step instructs running "curl -LsSf https://astral.sh/uv/install.sh | sh", which fetches and executes remote install code at runtime to provide the required "uvx" dependency used to launch the MCP tool, so the URL https://astral.sh/uv/install.sh is a runtime external dependency that executes remote code.