huggingface-paper-publisher

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE
Full Analysis
  • Secure External Data Handling: The skill fetches paper metadata from arXiv's public API. To prevent potential formatting or injection issues in generated markdown/YAML files, the script implements robust sanitization functions (_sanitize_text and _escape_yaml_value) that strip control characters and escape structural markers.
  • Trusted Network Operations: All network requests are directed to well-known and reputable services, specifically the Hugging Face Hub and the official arXiv API. These operations are essential for the skill's primary purpose of indexing and linking research artifacts.
  • Best-Practice Secret Management: The skill appropriately handles authentication using the HF_TOKEN. It provides clear instructions for users to manage this sensitive information through environment variables or .env files, avoiding any hardcoding of credentials.
  • Input Validation: arXiv identifiers are validated against strict regex patterns (e.g., modern and legacy formats) before being processed, ensuring that only correctly formatted IDs are used in API calls and file modifications.
  • Transparent File Modifications: When updating repository README.md files, the skill uses explicit boundary markers () to isolate its changes, ensuring that existing user content is preserved and the modifications are easily identifiable.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 23, 2026, 10:18 PM