transformers-js

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a legitimate technical guide and implementation for the Transformers.js library, which is a well-established tool in the machine learning ecosystem.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates downloading pre-trained machine learning models from the Hugging Face Hub (huggingface.co). Hugging Face is a trusted organization, and these downloads are essential for the primary purpose of the skill.
  • [REMOTE_CODE_EXECUTION]: Model inference is performed using WebAssembly (WASM) and ONNX Runtime. This involves dynamic execution of model weights downloaded from trusted sources. This behavior is inherent to the library's function and does not constitute a security risk in this context.
  • [COMMAND_EXECUTION]: The documentation provides standard NPM installation commands (npm install @huggingface/transformers) and runtime disposal patterns to manage system memory effectively.
  • [DATA_EXFILTRATION]: No unauthorized data transmission was found. Network activity is limited to model retrieval from trusted repositories and the processing of user-supplied URLs for media analysis (e.g., image or audio classification).
  • [PROMPT_INJECTION]: The instructions use natural, benign language to guide the AI agent. No attempts to override safety filters or bypass core instructions were identified.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 09:32 PM