Skills
skills/akcodez/higgsfield-claude-skills/ugc-video-auto/Gen Agent Trust Hub

ugc-video-auto

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses Playwright MCP tools (browser_navigate, browser_click, browser_type, browser_evaluate) to automate interactions with the Higgsfield.ai website. The use of browser_evaluate is limited to a hardcoded JavaScript snippet for DOM element focus and does not incorporate untrusted external input.
  • [PROMPT_INJECTION]: The skill ingests untrusted user data (character descriptions and product context) which is then interpolated into prompts sent to the external Higgsfield AI models. While this creates a surface for indirect prompt injection, the skill is primarily an automation wrapper and does not exhibit signs of self-modifying behavior or safety bypass.
  • [SAFE]: All network operations are directed at the primary service domain (higgsfield.ai). No sensitive local file access or data exfiltration patterns were detected.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 17, 2026, 02:46 PM