viral-replicator

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external sources and interpolates it into instructions.
    • Ingestion points: External data is fetched from Instagram, TikTok, YouTube Shorts, G2, and Trustpilot into raw-post.json and raw-reviews.json.
    • Boundary markers: The prompts in prompts/deconstruct-viral.md and prompts/review-to-ad.md do not utilize clear delimiters or instructions to ignore embedded commands in the ingested data.
    • Capability inventory: The skill executes shell commands to run Node.js scripts and has network access via the Playwright library.
    • Sanitization: There is no evidence of sanitization, filtering, or validation of the scraped content before it is processed by the model.
  • [COMMAND_EXECUTION]: The skill uses the shell to execute its own internal Node.js scripts (fetch-ig-post.mjs and scrape-g2-reviews.mjs) as part of its core workflow.
  • [EXTERNAL_DOWNLOADS]: The skill performs automated scraping of external websites including Instagram, TikTok, YouTube, G2, and Trustpilot using the Playwright headless browser.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 08:59 PM