transformers-js
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Model Downloads from Established Sources: The skill is designed to fetch pre-trained machine learning models from the Hugging Face Hub and reputable CDNs like jsDelivr. These operations target the vendor's own official infrastructure or well-known delivery services, which is the intended and documented functionality of the library.
- Local Resource Management: The library utilizes local filesystem and browser storage to cache model weights, significantly improving performance for subsequent loads. The skill includes detailed instructions on managing this cache and provides the necessary configuration options to restrict or redirect these operations according to environment security requirements.
- Input Processing Surface: As a machine learning integration tool, the skill naturally processes external data such as text, images, and audio. The documentation includes best practices for memory management and resource disposal, and users are encouraged to apply standard data sanitization when integrating these capabilities with untrusted inputs.
- Dependency Transparency: The skill references standard, versioned packages including
@huggingface/transformersand@aws-sdk/client-s3. These are recognized libraries from the vendor and established cloud providers, following standard development workflows.
Audit Metadata