character-mgmt
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were detected in the instructions or configuration.
- [SAFE]: API credential management follows recommended security practices by instructing users to utilize environment variables (HIGGSFIELD_API_KEY and HIGGSFIELD_SECRET) rather than hardcoding secrets.
- [INDIRECT_PROMPT_INJECTION]: The skill has an expected attack surface for indirect prompt injection, as it processes user-provided character descriptions.
  - Ingestion points: User-provided character names, appearance descriptions, personality traits, and styles in SKILL.md.
  - Boundary markers: None identified in the provided instructions.
  - Capability inventory: Character creation, retrieval, and deletion via the higgsfield-mcp server.
  - Sanitization: Content filtering and sanitization are not explicitly defined in the skill instructions, relying on the underlying platform.
Audit Metadata