higgsfield-soul
Fail
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads a setup script from the vendor's official GitHub repository (higgsfield-ai/cli) as a prerequisite for its core functionality.
- [REMOTE_CODE_EXECUTION]: The installation process involves piping a remote script from the vendor's infrastructure to a shell (curl | sh). While this originates from a known vendor source, it involves the execution of remote code.
- [COMMAND_EXECUTION]: The skill executes various bash commands using the higgsfield CLI tool to manage model training and content generation tasks.
- [PROMPT_INJECTION]: The skill instructions define a workflow where user-provided inputs, such as character names, are interpolated into shell commands. This represents an indirect prompt injection surface if the input contains shell metacharacters.
  - Ingestion points: User-provided character names and image file paths defined in SKILL.md.
  - Boundary markers: The character name is placed within double quotes in the command template.
  - Capability inventory: The skill uses the 'Bash' tool to execute local CLI commands.
  - Sanitization: The skill does not describe any steps to validate, sanitize, or escape user-provided strings before they are executed in the shell.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/higgsfield-ai/cli/main/install.sh - DO NOT USE without thorough review
Audit Metadata