higgsfield-marketplace-cards

Fail

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill executes unverified remote code by piping a downloaded script directly into the shell. This bypasses security reviews and allows for arbitrary code execution on the host system during the bootstrap phase.
  • Evidence: curl -fsSL https://raw.githubusercontent.com/higgsfield-ai/cli/main/install.sh | sh in SKILL.md.
  • [COMMAND_EXECUTION]: The core functionality of the skill involves building and running shell commands using the higgsfield CLI tool.
  • Evidence: The skill instructs the agent to run higgsfield marketplace-cards create using the Bash tool.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection and command injection because it interpolates untrusted user input directly into shell command arguments without sanitization.
  • Ingestion points: User-provided text for the --prompt argument and file paths/URLs for the --image argument.
  • Boundary markers: None specified to differentiate between instructions and data.
  • Capability inventory: The skill utilizes the Bash tool to execute both the installer and the marketplace CLI commands.
  • Sanitization: No sanitization, escaping, or validation logic is defined before user input is passed to the command line.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/higgsfield-ai/cli/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 14, 2026, 06:40 AM
Security Audit — agent-trust-hub — higgsfield-marketplace-cards