onnx-webgpu-converter

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The scripts/preflight_check.py script is vulnerable to Python code injection. It uses f-string interpolation to construct code for the python -c command (e.g., in check_onnx_community and detect_task). Because the input model_id is not properly sanitized, an attacker can supply a crafted model ID (e.g., "); import os; os.system("id") #) to execute arbitrary commands on the host machine.
  • [REMOTE_CODE_EXECUTION] (HIGH): The documentation in SKILL.md recommends using the --trust-remote-code flag as a quick fix for conversion errors. This flag permits the transformers and optimum libraries to download and execute arbitrary Python files provided by the model author on the Hugging Face Hub, posing a severe risk if the model source is malicious.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill frequently references and downloads assets from the Hugging Face Hub. While this is part of its core functionality, it relies on the security and integrity of third-party model repositories, which are not within the defined trust scope.
  • [DATA_EXFILTRATION] (LOW): The script makes network requests to huggingface.co to retrieve model metadata. While Hugging Face is a legitimate service, the script lacks controls over where data is sent if the model ID is manipulated.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:37 PM