ai-higgsfield-product-photoshoot

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted input from external URLs, files, and text snippets provided by the user, creating a surface for indirect prompt injection.
  • Ingestion points: Data enters via materialText, materialUrl, and materialFile parameters as defined in references/form-schema.json.
  • Boundary markers: The skill does not currently implement specific delimiters or instructions to ignore instructions embedded within the user-provided materials.
  • Capability inventory: The skill utilizes scripts/run.py to perform network operations (HTTPS POST requests) to the service endpoint.
  • Sanitization: Input data is passed to the API without visible client-side sanitization.
  • [SAFE]: The provided scripts/run.py is a standard Python script for interacting with the vendor's API. It performs network requests and basic error handling without executing arbitrary commands, requesting elevated privileges, or accessing sensitive local files. All external URLs and resources are consistent with the vendor's own infrastructure.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — ai-higgsfield-product-photoshoot