The Agent Skills Directory

[PROMPT_INJECTION]: The instructions in mnt/user-data/outputs/higgsfield/skills/higgsfield-recall/SKILL.md explicitly direct the agent to perform actions 'SILENTLY' and 'don't announce it'. This pattern matches behavioral concealment, where an agent performs background processing (in this case, local database queries) without the user's knowledge.
[COMMAND_EXECUTION]: The skill uses the bash tool to execute local Python scripts (higgsfield_memory.py, seedance_lint.py, and generate_user_guide.py). These scripts perform file operations, database queries, and PDF generation.
[COMMAND_EXECUTION]: A command injection surface exists in the higgsfield-recall and higgsfield-seedance sub-skills. The agent is instructed to run shell commands using strings extracted from user prompts as arguments (e.g., python3 higgsfield_memory.py query-filter "<key terms from prompt>" 5). If the agent fails to sanitize these strings before passing them to the shell tool, a malicious user could execute arbitrary commands by including shell metacharacters in their prompt intent.
[COMMAND_EXECUTION]: The higgsfield_memory.py script performs atomic file writes by creating .tmp files and replacing existing ones. While functional, it indicates significant local file system manipulation capability.

higgsfield-model-guide