pw-higgsfield
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill takes user-provided prompts to generate images and videos via browser automation.
  - Ingestion points: User prompts are passed to the `create-image` and `create-video` commands.
  - Boundary markers: None are present in the provided instructions to separate user input from the automation logic.
  - Capability inventory: The skill utilizes `pw` (Playwright-based automation) to control a browser instance with an active session (`pw connect --launch`). It can navigate pages and interact with web elements.
  - Sanitization: No sanitization or validation of user-provided strings is documented. If the underlying `higgsfield.nu` script interpolates these prompts directly into browser commands (like `evaluate` or input fields), an attacker could craft a prompt to redirect the browser or exfiltrate session cookies.
- Unverifiable Dependencies (MEDIUM): The skill relies on external Nushell scripts (`pw.nu` and `higgsfield.nu`) and an external binary (`pw`). These files are not provided for analysis, making the exact execution logic and safety of the automation opaque.
- Command Execution (MEDIUM): The skill facilitates the execution of shell commands (`pw connect`) and custom scripts. While intended for setup, this provides a mechanism for local environment interaction.
Recommendations
- AI detected serious security threats
Audit Metadata