huggingface
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes shell commands via the Bash tool to manage Python environments, run Docker containers, and interact with CLI tools.
  - Evidence: Use of `pip install`, `huggingface-cli login`, `docker run`, and execution of local scripts such as `node .claude/lib/memory/memory-search.cjs`. The skill also employs `liger-kernel` for runtime monkey-patching of the transformers library to optimize performance.
- [EXTERNAL_DOWNLOADS]: Fetches machine learning models, datasets, and library packages from established external services.
  - Evidence: Downloads from Hugging Face Hub (huggingface.co), GitHub Container Registry (ghcr.io), and PyPI.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes data from external, potentially untrusted sources.
  - Ingestion points: Untrusted data enters via `load_dataset`, `from_pretrained` model loading, and `InferenceClient` text generation responses in SKILL.md.
  - Boundary markers: The provided code snippets do not include explicit delimiters or instructions to ignore embedded instructions when processing external strings.
  - Capability inventory: The skill has access to `Bash` for command execution and `Write` for file system modifications, creating a path for potential exploitation of injected instructions.
  - Sanitization: No explicit sanitization or validation of content fetched from external repositories is demonstrated in the workflows.
Audit Metadata