huggingface-vision-trainer

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE
Full Analysis
  • Credential Management: The skill utilizes standard environment variables (HF_TOKEN) and Hugging Face Job secrets for authentication. This ensures that sensitive tokens are handled securely and never hardcoded in the training scripts.
  • Trusted Infrastructure: All network operations, including dataset inspection and model persistence, target official Hugging Face domains (huggingface.co, datasets-server.huggingface.co). These are recognized as trusted vendor resources.
  • Dependency Verification: The skill utilizes PEP 723 inline metadata for Python dependencies, referencing established and widely used libraries in the computer vision ecosystem such as transformers, albumentations, timm, and monai.
  • Dataset Validation: The inclusion of a dedicated dataset_inspector.py script promotes security by encouraging the verification of dataset formats before initiating resource-heavy GPU training, preventing common configuration errors.
  • Indirect Prompt Injection Surface: As an ML training tool, the skill naturally processes data from external datasets. While this presents an inherent surface for indirect prompt injection via poisoned data, the risk is minimized by the use of standard training frameworks and is part of the intended primary purpose of the skill.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 23, 2026, 10:18 PM