MiniMax Lyrics Generation

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward MiniMax lyrics generator, with the main considerations being API-key storage and sending lyric prompts to MiniMax.

Use a dedicated MiniMax API key if possible, watch for quota or billing use, and avoid sending confidential unpublished lyrics or sensitive prompts unless you are comfortable sharing them with MiniMax. For general song-generation requests, confirm whether you want lyrics only before invoking this skill.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill advertises broad trigger phrases like 'generate a song' and 'song lyrics', which can match ordinary user requests and cause the skill to activate when the user did not explicitly intend to use this specific external API integration. Unintended invocation can lead to surprising third-party data disclosure, unnecessary API usage, and confusing agent behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal