content-engine
Fail
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation in
SKILL.md,README.md, andCLAUDE.mdexplicitly directs the installation of the Higgsfield CLI using the commandcurl -fsSL https://raw.githubusercontent.com/higgsfield-ai/cli/main/install.sh | sh. This pattern allows for the execution of unverified remote scripts with the privileges of the local user. - [COMMAND_EXECUTION]: Python scripts such as
scripts/compile-dna.pyandscripts/compose-video.pymake frequent use of thesubprocessmodule to execute system binaries includingffmpeg,ffprobe,npx, andbash. These commands process data derived from external storyboard files and user-provided assets, creating a path for command injection if inputs are maliciously crafted. - [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection:
- Ingestion points: Untrusted data from storyboard Markdown files and raw asset descriptions are read in
scripts/compile-dna.pyandscripts/compose-video.py. - Boundary markers: The scripts lack boundary markers (such as XML tags) or protective instructions when interpolating this untrusted text into prompts for the Gemini model.
- Capability inventory: The skill possesses capabilities to execute shell commands (
subprocess), perform network requests (urllib), and manage local files. - Sanitization: No escaping or validation logic is applied to external file content before it is processed by the LLM.
- [EXTERNAL_DOWNLOADS]: The script
scripts/compose-video.pyutilizesurllib.request.urlretrieveto download video files from remote URLs during the generation process.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/higgsfield-ai/cli/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata