higgsfield-product-photoshoot
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Fetches and executes an installation script from the official Higgsfield AI GitHub repository to set up the required CLI tool.
- [COMMAND_EXECUTION]: Orchestrates image generation by executing the
higgsfieldcommand-line utility via Bash. - [EXTERNAL_DOWNLOADS]: Downloads configuration and installation scripts from the service provider's public repository.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes user-provided descriptions which are interpolated into CLI commands.
- Ingestion points: User product descriptions and image identifiers provided during the interview phase.
- Boundary markers: Absent.
- Capability inventory: Subprocess execution via the Bash tool.
- Sanitization: Absent; input is directly passed as command-line arguments.
Audit Metadata