higgsfield-product-photoshoot

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Fetches and executes an installation script from the official Higgsfield AI GitHub repository to set up the required CLI tool.
  • [COMMAND_EXECUTION]: Orchestrates image generation by executing the higgsfield command-line utility via Bash.
  • [EXTERNAL_DOWNLOADS]: Downloads configuration and installation scripts from the service provider's public repository.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes user-provided descriptions which are interpolated into CLI commands.
  • Ingestion points: User product descriptions and image identifiers provided during the interview phase.
  • Boundary markers: Absent.
  • Capability inventory: Subprocess execution via the Bash tool.
  • Sanitization: Absent; input is directly passed as command-line arguments.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 06:40 AM
Security Audit — agent-trust-hub — higgsfield-product-photoshoot