Skills
NYC
skills/huggingface/skills/hugging-face-cli/Gen Agent Trust Hub

hugging-face-cli

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The skill exposes the hf jobs run command, enabling arbitrary command execution within remote cloud containers.
  • COMMAND_EXECUTION (HIGH): Destructive actions like hf repo delete and hf endpoints delete can be executed with the --yes flag to bypass safety confirmations.
  • CREDENTIALS_UNSAFE (MEDIUM): Manages sensitive authentication tokens through hf auth login and hf auth list, creating potential for credential exposure in logs or environments.
  • Persistence Mechanisms (HIGH): Supports creation of recurring tasks on remote infrastructure via hf jobs scheduled run.
  • DATA_EXFILTRATION (LOW): The hf upload command allows sending local file data to external repositories, presenting a risk if misused by an agent.
  • PROMPT_INJECTION (LOW): (Category 8) The skill ingests untrusted data via hf download. Ingestion point: hf download in SKILL.md. Boundary markers: Absent. Capability inventory: RCE via jobs, repository deletion, file system access. Sanitization: Absent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 04:56 PM