higgsfield-marketplace-cards
Fail
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill executes unverified remote code by piping a downloaded script directly into the shell. This bypasses security reviews and allows for arbitrary code execution on the host system during the bootstrap phase.
- Evidence:
curl -fsSL https://raw.githubusercontent.com/higgsfield-ai/cli/main/install.sh | shin SKILL.md. - [COMMAND_EXECUTION]: The core functionality of the skill involves building and running shell commands using the
higgsfieldCLI tool. - Evidence: The skill instructs the agent to run
higgsfield marketplace-cards createusing theBashtool. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection and command injection because it interpolates untrusted user input directly into shell command arguments without sanitization.
- Ingestion points: User-provided text for the
--promptargument and file paths/URLs for the--imageargument. - Boundary markers: None specified to differentiate between instructions and data.
- Capability inventory: The skill utilizes the
Bashtool to execute both the installer and the marketplace CLI commands. - Sanitization: No sanitization, escaping, or validation logic is defined before user input is passed to the command line.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/higgsfield-ai/cli/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata