hugging-face-paper-pages
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- Network Communication: The skill performs network requests using curl to fetch paper metadata and content from huggingface.co and arxiv.org. These are recognized and trusted repositories for academic research, and the operations are consistent with the skill's intended purpose.
- Credential Management: For authenticated API requests, the skill correctly references the $HF_TOKEN environment variable. This ensures that sensitive access tokens are handled securely and are not exposed within the skill's instructions.
- Processing of External Content: The skill involves the ingestion of external data from research papers for summarization. While processing external content is a common surface for indirect prompt injection, this is a standard characteristic of summarization tools, and the data originates from reputable academic sources.
  - Ingestion points: Paper markdown and API metadata are retrieved from Hugging Face and arXiv endpoints.
  - Boundary markers: The skill relies on standard task context for summarization; specific delimiters for external content are not explicitly defined in the provided instructions.
  - Capability inventory: The skill's capabilities are limited to data retrieval and text processing; it does not include commands for arbitrary code execution or file system access based on the retrieved content.
  - Sanitization: The skill interacts with structured data and markdown formats from official repository APIs.
Audit Metadata