hf-api
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill reads the HF_TOKEN environment variable and includes it in an authorization header to huggingface.co. Hugging Face is a well-known technology service, and this represents standard authentication functionality.
- [EXTERNAL_DOWNLOADS]: The skill performs a GET request to huggingface.co/api/models to retrieve data from a well-known service.
- [PROMPT_INJECTION]:
  - Ingestion points: The skill ingests data from huggingface.co/api/models into the agent's context.
  - Boundary markers: None observed in the provided script.
  - Capability inventory: The skill code does not have access to risky capabilities such as file system writing, network transmission of local files, or shell command execution.
  - Sanitization: No sanitization of the API response is performed within this script.
Audit Metadata