The Agent Skills Directory

[REMOTE_CODE_EXECUTION] (HIGH): The scripts scripts/inspect_vllm_uv.py, scripts/lighteval_vllm_uv.py, and scripts/run_vllm_eval_job.py implement a --trust-remote-code flag. This flag is passed directly to underlying evaluation frameworks (transformers, vllm, lighteval). If enabled by the user or an agent, it allows the execution of arbitrary Python code defined within the model's repository on the Hugging Face Hub.
[COMMAND_EXECUTION] (MEDIUM): Multiple scripts (scripts/inspect_eval_uv.py, scripts/inspect_vllm_uv.py, scripts/lighteval_vllm_uv.py, scripts/run_eval_job.py, and scripts/run_vllm_eval_job.py) use subprocess.run to call external CLI tools such as inspect, lighteval, and the Hugging Face hf CLI. While arguments are passed as a list, the model IDs and task names provided by the user are directly incorporated into the command execution flow.
[CREDENTIALS_UNSAFE] (LOW): The skill relies on sensitive tokens (HF_TOKEN and AA_API_KEY). The scripts scripts/run_eval_job.py and scripts/run_vllm_eval_job.py pass the Hugging Face token as a plaintext secret in the command line argument (--secrets HF_TOKEN={token}) when submitting jobs. This could lead to the token being exposed in process listings or command history on the host machine.
[INDIRECT_PROMPT_INJECTION] (LOW): The tool extracts evaluation data from Markdown tables in model READMEs. While the logic appears to focus on numeric extraction, a maliciously crafted model card could attempt to influence the agent's behavior if the extracted content is used in downstream reasoning without sanitization. (Note: scripts/evaluation_manager.py, which handles this logic, was referenced but not included in the provided file set).

hugging-face-evaluation