huggingface-hub
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Standard Tooling and Best Practices (SAFE): The skill provides extensive documentation on official Hugging Face libraries (huggingface_hub, transformers, gradio). It explicitly recommends best practices, such as using environment variables for tokens instead of hardcoding them.
- Network and File Operations (SAFE): All network requests target official Hugging Face domains (huggingface.co, router.huggingface.co). File system operations are limited to standard model/dataset downloading and local caching patterns expected in a machine learning development environment.
- Indirect Prompt Injection Surface (LOW): Several examples, such as the Gradio chat interface (examples/gradio-chat-interface.py) and the webhook handler (examples/webhooks-auto-retrain.py), ingest untrusted external data. While these represent an attack surface for indirect prompt injection, the risk is inherent to the specific functionality of LLM applications, and the skill provides standard implementation patterns.
  - Ingestion points: Chat messages, images, and webhook JSON payloads.
  - Boundary markers: System prompts are used in chat examples to define model behavior.
  - Capability inventory: Remote inference calls and repo management via HfApi.
  - Sanitization: Standard input processing for ML pipelines.
- Dynamic Code Generation (SAFE): The skill contains examples of generating Python scripts for automation (e.g., in examples/webhooks-auto-retrain.py). These are presented as educational templates for MLOps automation and do not execute dynamically against the user's environment in a malicious way.
Audit Metadata