huggingface-tokenizers
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill uses Tokenizer.from_pretrained(), which downloads configuration files from Hugging Face. Hugging Face is a trusted organization in the AI ecosystem.
- [DATA_EXPOSURE] (SAFE): The skill references local file access for training (data.txt) and saving (tokenizer.json). These are standard operations for the intended purpose of the skill.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted data from external files. Evidence:
  1. Ingestion points: tokenizer.train(files=['data.txt']) in SKILL.md.
  2. Boundary markers: Absent.
  3. Capability inventory: File read (data.txt), file write (tokenizer.json, my-tokenizer.json).
  4. Sanitization: Absent.

  This category flags vulnerability surfaces; the risk is low as it only influences the subword tokenization model.
Audit Metadata