higgsfield-websites

Pass

Audited by Gen Agent Trust Hub on Jul 11, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill installs the official Higgsfield CLI by piping a setup script from the vendor's repository (https://raw.githubusercontent.com/higgsfield-ai/cli/main/install.sh) to the shell. This is a standard installation method for the platform's required tooling and originates from a verified author source.
  • [COMMAND_EXECUTION]: Orchestrates the site-building process using the Bash tool to run git, bun, and higgsfield CLI commands. It additionally creates and executes a local Python script (compose_cover.py) to process marketing assets and apply stadium-mask geometry to generated images.
  • [EXTERNAL_DOWNLOADS]: Fetches design reference images and visual components from Higgsfield's static storage (static.higgsfield.ai). It also manages dependencies from standard well-known registries like NPM and PyPI, including libraries for image processing (Pillow, NumPy).
  • [SAFE]: The skill demonstrates a high security posture by including detailed threat modeling and hardening guides for the resulting websites. It correctly handles sensitive data using environment variables and platform-managed secrets, and its internal APIs (fnf.internal) are isolated from the browser context to prevent credential exposure.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 11, 2026, 04:13 PM
Security Audit — agent-trust-hub — higgsfield-websites