Higgsfield Soul ID
Pass
Audited by VirusTotal on May 4, 2026.
Findings (1)
The skill bundle uses a high-risk 'curl | sh' pattern in SKILL.md to install a CLI tool from a remote GitHub repository (higgsfield-ai/cli). While this behavior is common in developer tools, it constitutes an unverified remote code execution risk within the agent's environment. There is no evidence of intentional malice, but the combination of shell access, remote script execution, and the handling of authentication tokens makes it a significant security concern.
