frontend-dev
Warn
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The documentation in 'references/env-setup.md' instructs users to execute 'sudo apt install ffmpeg'. This is a high-privilege command that modifies the system state and requires administrative access.
- [EXTERNAL_DOWNLOADS]: Multiple Python scripts, including 'minimax_image.py', 'minimax_music.py', and 'minimax_video.py', download media assets from remote URLs provided by the MiniMax API and save them to the local filesystem. These operations involve fetching binary data from dynamic external sources.
- [DATA_EXFILTRATION]: The skill is designed to transmit user-provided content such as prompts, lyrics, and text to external API endpoints at 'api.minimax.io' or 'api.minimaxi.com'. This channel transmits data to a third-party service, which could include sensitive information if provided in the user's request.
- [COMMAND_EXECUTION]: The skill generates p5.js code and complex frontend components based on natural language input. This presents an indirect prompt injection surface where malicious instructions in the input could lead to the generation of scripts that execute in the user's browser environment.
Audit Metadata