cli-anything-minimax
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires installing a CLI tool from a remote GitHub repository belonging to the author (github.com/HKUDS/CLI-Anything.git). This is documented as a standard installation method for the utility.\n- [PROMPT_INJECTION]: The skill acts as a wrapper for LLM and TTS services, ingesting untrusted data through CLI arguments like --prompt and --text. This represents an indirect prompt injection surface where malicious inputs could attempt to manipulate downstream AI model behavior.\n
- Ingestion points: CLI arguments --prompt and --text in SKILL.md usage examples.\n
- Boundary markers: None identified in the provided documentation or examples.\n
- Capability inventory: Performs network requests to the MiniMax API and writes synthesized audio files to the local filesystem.\n
- Sanitization: No input sanitization or validation logic is described in the skill instructions.
Audit Metadata