higgsfield-generate
Fail
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill requires the installation of the
higgsfieldCLI tool by downloading and piping a remote shell script directly into the shell:curl -fsSL https://raw.githubusercontent.com/higgsfield-ai/cli/main/install.sh | sh. This behavior, documented in the bootstrap section ofSKILL.md, executes unverified code from a third-party GitHub repository. - [COMMAND_EXECUTION]: The skill uses the
Bashtool to perform complex operations via thehiggsfieldCLI, including authentication (higgsfield auth login), job creation for media generation (higgsfield generate create), and account management. These operations involve sub-processes that handle user data and system state. - [EXTERNAL_DOWNLOADS]: The skill facilitates fetching content from arbitrary external URLs provided by the user via the
higgsfield marketing-studio products fetch --urlcommand, as specified inreferences/marketing-products.mdand the Click-to-Ad workflow inSKILL.md. - [PROMPT_INJECTION]: The skill possesses several surfaces for indirect prompt injection. It ingests untrusted data from external websites during product fetching and analyzes user-uploaded video files through the
brain_activitymodel. Maliciously crafted content in these external sources could influence the agent's behavior during subsequent processing steps. - Ingestion points: Website content fetched via URL and video files processed for virality scoring.
- Boundary markers: No specific delimiters or safety instructions are used to isolate the agent's logic from the contents of the fetched external data.
- Capability inventory: The agent has access to full shell execution via the
Bashtool and thehiggsfieldCLI. - Sanitization: The instructions do not define any sanitization, filtering, or validation for the data retrieved from external sources before it is analyzed or used in prompts.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/higgsfield-ai/cli/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata