mmx-cli
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the
mmxcommand-line tool to interact with MiniMax AI services for multimedia generation and web search. - [EXTERNAL_DOWNLOADS]: The skill installs the
@minimax-ai/clipackage from the official NPM registry and references the MiniMax-AI GitHub repository for updates and documentation. These are well-known resources associated with the service provider. - [PROMPT_INJECTION]: The skill accepts unstructured text inputs (prompts, lyrics, and text-to-speech content) which are passed to the MiniMax AI models. This creates a surface for indirect prompt injection where instructions embedded in the processed data could attempt to influence model behavior.
- Ingestion points: Commands such as
mmx text generate,mmx speech generate --text, andmmx music generate --lyricsingest external text. - Boundary markers: None identified; input is passed as string arguments in the shell commands.
- Capability inventory: The skill has the capability to execute shell commands and perform network requests via the
mmxtool. - Sanitization: No explicit sanitization or instruction filtering is performed on the input before it is passed to the CLI.
Audit Metadata