higgsfield-soul-id
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the Higgsfield CLI installation script from the vendor's official GitHub repository at
higgsfield-ai/cli. This is a standard bootstrap procedure for the vendor's tools. - [COMMAND_EXECUTION]: Uses the Bash tool to execute Higgsfield CLI commands (
higgsfield soul-id create,higgsfield auth login, etc.) to manage model training and account status. The instructions use double quotes for variable interpolation (e.g.,"<name>") which helps prevent basic command injection from user-provided strings. - [DATA_EXFILTRATION]: The skill instructs the agent to upload local image files to the Higgsfield platform. This behavior is consistent with the skill's primary stated purpose of training identity-faithful models and does not constitute unauthorized exfiltration.
Audit Metadata