auto-review-loop-minimax

Fail

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: HIGH
Categories: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructs the agent to access the sensitive platform configuration file ~/.claude/settings.json to retrieve the MINIMAX_API_KEY.
  • [DATA_EXFILTRATION]: Local project context, including narrative documents and research results, is transmitted to the external API endpoint https://api.minimax.io/v1/chat/completions.
  • [PROMPT_INJECTION]: The skill explicitly directs the agent to bypass user oversight by performing file writes silently ("Do NOT ask the user for permission — just do it silently") if standard tools fail.
  • [COMMAND_EXECUTION]: Utilizes curl for API communication and suggests using Bash for managing remote experiment sessions via SSH and screen/tmux.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes potentially untrusted project data and implements changes based on LLM responses without sanitization.
  • Ingestion points: Project narrative documents, memory files, and prior review documents are read during the initialization phase in SKILL.md.
  • Boundary markers: No delimiters or isolation instructions are present to prevent embedded instructions in project files from being interpreted.
  • Capability inventory: The skill uses Bash, Write, Edit, and Agent tools, allowing for broad filesystem and system interaction.
  • Sanitization: No filtering or validation is performed on data retrieved from project files before it is used to prompt the reviewer or implement fixes.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 13, 2026, 08:16 PM