content-engine

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). Most links point to legitimate services (Topaz, Runway, HuggingFace, GitHub, Google Fonts, etc.), but the set includes high-risk indicators — a direct raw GitHub install script (curl|sh), many direct git clone URLs and personal/unknown domains, personal file placeholders and cloud endpoints, plus localhost API endpoints intended to run downloaded code — so the bundle should be treated as potentially suspicious and handled with caution.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The OpenCaptions extension’s runtime path can ingest outsider-authored free text via the graded video’s audio transcript: the extension calls the OpenCaptions CLI/MCP to transcribe and then uses an LLM to analyze that transcript, so any spoken words by non-operating-user speakers become free text in the LLM context (indirect prompt injection risk).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes an explicit runtime installation command that fetches and executes remote code—curl -fsSL https://raw.githubusercontent.com/higgsfield-ai/cli/main/install.sh | sh—to install the Higgsfield CLI, which the skill treats as a runtime dependency for generation workflows, so this URL poses a high-risk remote-execution dependency.