hugging-face
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified in the skill instructions or metadata.
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the @membranehq/cli package via npm. This is a standard requirement for using the platform and originates from the vendor's own namespace.
- [PROMPT_INJECTION]: The skill integrates with Hugging Face to list repository files, discussions, and dataset contents. This introduces an inherent surface for indirect prompt injection where the agent processes external, untrusted data. However, the skill does not include any high-risk capabilities like arbitrary code execution or file system writes that would escalate this risk.
Audit Metadata