mmx-cli

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the mmx command-line tool to interact with MiniMax AI services for multimedia generation and web search.
  • [EXTERNAL_DOWNLOADS]: The skill installs the @minimax-ai/cli package from the official NPM registry and references the MiniMax-AI GitHub repository for updates and documentation. These are well-known resources associated with the service provider.
  • [PROMPT_INJECTION]: The skill accepts unstructured text inputs (prompts, lyrics, and text-to-speech content) which are passed to the MiniMax AI models. This creates a surface for indirect prompt injection where instructions embedded in the processed data could attempt to influence model behavior.
  • Ingestion points: Commands such as mmx text generate, mmx speech generate --text, and mmx music generate --lyrics ingest external text.
  • Boundary markers: None identified; input is passed as string arguments in the shell commands.
  • Capability inventory: The skill has the capability to execute shell commands and perform network requests via the mmx tool.
  • Sanitization: No explicit sanitization or instruction filtering is performed on the input before it is passed to the CLI.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 03:06 AM
Security Audit — agent-trust-hub — mmx-cli