hugging-face-jobs
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Flags: REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
- REMOTE_CODE_EXECUTION (LOW): The skill documentation provides examples of running scripts from remote URLs and inline strings via the hf_jobs tool. While this facilitates remote code execution, the patterns target Hugging Face (a trusted source) and are essential to the skill's primary purpose. Examples include: hf_jobs("uv", {"script": "https://huggingface.co/user/repo/resolve/main/script.py"}).
- DATA_EXFILTRATION (LOW): Reference guides include templates for persisting job results to external storage and APIs, such as requests.post("https://your-api.com/results", json=results). These are intended for legitimate result persistence but represent a potential exfiltration surface. The skill mitigates risk by advising the use of secrets for sensitive tokens.
- INDIRECT_PROMPT_INJECTION (LOW): The skill is designed to process datasets from the Hugging Face Hub, which serves as a surface for indirect prompt injection.
  - Ingestion points: The documentation (e.g., generate-responses.py in index.html) describes loading prompt and message data from external datasets for processing.
  - Boundary markers: No explicit boundary markers or 'ignore' instructions are provided in the templates.
  - Capability inventory: Includes hf_jobs for code execution and HfApi/push_to_hub for writing to external repositories.
  - Sanitization: No explicit sanitization or validation of dataset content is demonstrated in the provided reference files.
Audit Metadata