higgsfield-generate

Fail

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill requires the installation of the higgsfield CLI tool by downloading and piping a remote shell script directly into the shell: curl -fsSL https://raw.githubusercontent.com/higgsfield-ai/cli/main/install.sh | sh. This behavior, documented in the bootstrap section of SKILL.md, executes unverified code from a third-party GitHub repository.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform complex operations via the higgsfield CLI, including authentication (higgsfield auth login), job creation for media generation (higgsfield generate create), and account management. These operations involve sub-processes that handle user data and system state.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates fetching content from arbitrary external URLs provided by the user via the higgsfield marketing-studio products fetch --url command, as specified in references/marketing-products.md and the Click-to-Ad workflow in SKILL.md.
  • [PROMPT_INJECTION]: The skill possesses several surfaces for indirect prompt injection. It ingests untrusted data from external websites during product fetching and analyzes user-uploaded video files through the brain_activity model. Maliciously crafted content in these external sources could influence the agent's behavior during subsequent processing steps.
  • Ingestion points: Website content fetched via URL and video files processed for virality scoring.
  • Boundary markers: No specific delimiters or safety instructions are used to isolate the agent's logic from the contents of the fetched external data.
  • Capability inventory: The agent has access to full shell execution via the Bash tool and the higgsfield CLI.
  • Sanitization: The instructions do not define any sanitization, filtering, or validation for the data retrieved from external sources before it is analyzed or used in prompts.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/higgsfield-ai/cli/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 14, 2026, 06:40 AM
Security Audit — agent-trust-hub — higgsfield-generate