ai-higgsfield-product-photoshoot
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted input from external URLs, files, and text snippets provided by the user, creating a surface for indirect prompt injection.
- Ingestion points: Data enters via
materialText,materialUrl, andmaterialFileparameters as defined inreferences/form-schema.json. - Boundary markers: The skill does not currently implement specific delimiters or instructions to ignore instructions embedded within the user-provided materials.
- Capability inventory: The skill utilizes
scripts/run.pyto perform network operations (HTTPS POST requests) to the service endpoint. - Sanitization: Input data is passed to the API without visible client-side sanitization.
- [SAFE]: The provided
scripts/run.pyis a standard Python script for interacting with the vendor's API. It performs network requests and basic error handling without executing arbitrary commands, requesting elevated privileges, or accessing sensitive local files. All external URLs and resources are consistent with the vendor's own infrastructure.
Audit Metadata