hugging-face-trackio
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (flags: EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill requires installing `trackio` via `pip`. As the skill is authored by Hugging Face (a trusted organization) and points to a legitimate repository (gradio-app/trackio), the download risk is significantly mitigated per the trust-scope rules.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it retrieves and processes training metrics and configurations that could be controlled by an external actor or a malicious dataset.
  - Ingestion points: Metric data and run configurations are retrieved via `trackio get metric --json` and `trackio get run --json` (documented in `references/retrieving_metrics.md`).
  - Boundary markers: None identified in the provided documentation to delimit metric data from agent instructions.
  - Capability inventory: The agent can execute CLI commands and potentially use the retrieved JSON data to make subsequent decisions or generate code.
  - Sanitization: No explicit sanitization or validation of the metric values or config strings is mentioned before processing.
- [DATA_EXFILTRATION] (SAFE): The skill documentation describes syncing data to Hugging Face Spaces (`trackio sync`). This is a core, transparent feature for remote experiment monitoring and does not constitute unauthorized exfiltration.
- [COMMAND_EXECUTION] (SAFE): The CLI commands used (`trackio list`, `trackio get`) are restricted to the library's specific database querying functionality and do not appear to allow arbitrary shell execution.
Audit Metadata