higgsfield
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The
higgsfield-recallsub-skill includes instructions to run silently in the background without announcing its activity to the user. This is an intended UX design for a memory lookup utility and does not bypass safety constraints. - [COMMAND_EXECUTION]: The skill includes Python utility scripts (
validate_user_guide.py) that use subprocess calls to interact with local PDF tools. These are administrative utilities for repository maintenance and are not invoked with untrusted input during agent operations. - [EXTERNAL_DOWNLOADS]: The documentation provides installation instructions via
git clonefrom the official author repository on GitHub. These references are consistent with standard deployment practices and target the skill's own source code.
Audit Metadata