hf-cli
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- Remote Installation Script: The skill references an installation script at https://hf.co/cli/install.sh. This is an official distribution channel for the vendor's tool and originates from a verified domain.
- Extension Framework: The `hf extensions` command group allows users to install and run code from GitHub repositories. This provides modularity, and users should review extensions as they would any third-party software.
- Workload Management: The skill enables running remote jobs and scripts (e.g., `hf jobs run` or `hf jobs uv`), which involves executing commands or Python scripts on Hugging Face infrastructure.
- Authentication Handling: The skill provides commands to manage Hugging Face access tokens (`hf auth`). These tokens are stored locally to facilitate interactions with the Hub, following standard CLI authentication practices.
- Data Processing Surface: Commands like `hf datasets sql` process dataset contents. This represents a potential surface for indirect injection if dataset contents are treated as instructions, though this is managed by the underlying tool's query engine.
  - Ingestion points: External dataset files processed via SQL (SKILL.md).
  - Boundary markers: None explicitly defined in the CLI command descriptions.
  - Capability inventory: Remote job execution and extension management (SKILL.md).
  - Sanitization: Standard SQL query parsing is applied by the tool.
Audit Metadata