higgsfield-generate

Fail

Audited by Snyk on Jun 14, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.85). The set is suspicious because it contains a direct raw GitHub shell script URL (raw.githubusercontent.com/.../install.sh) that the skill instructs users to curl and pipe to sh (a high-risk pattern), plus ambiguous/placeholder links (https://… and bare “cdn” hosts) and an unknown domain (drinkolipop.com); although some links (apps.apple.com, example.com) are benign, the presence of an executable-install script and obscured/unknown hosts raises significant risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Issues (2)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 14, 2026, 06:40 AM
Issues
2
Security Audit — snyk — higgsfield-generate