common-skills
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No malicious instructions, jailbreak attempts, or override markers were detected in the skill description or body.
- [Data Exposure & Exfiltration] (SAFE): The skill includes explicit security checklists advising against token exposure in logs and recommending environment variable protection. No hardcoded credentials or exfiltration patterns are present.
- [Unverifiable Dependencies] (SAFE): References well-known and reputable libraries such as huggingface_hub and hf-transfer. No suspicious or unversioned remote package installations are suggested.
- [Command Execution] (SAFE): The allowed tools are limited to Read, Grep, and Glob, which are standard for file system navigation and do not include high-risk shell execution capabilities.
- [Indirect Prompt Injection] (LOW): While the described utilities process external data from the HuggingFace Hub, the skill explicitly provides remediation guidance including safe file path handling and error handling for network failures.