minimax

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md (section 10, Image-to-Video) explicitly accepts a first_frame_image as a URL (or base64) and instructs the service to ingest that external image for video generation, so untrusted third‑party content from arbitrary URLs would be read and can materially influence generation behavior.