hf-init
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns detected. The code is well-structured and follows intended functionality without hidden behaviors.\n- [CREDENTIALS_UNSAFE]: The skill handles HuggingFace API tokens with appropriate safety measures. Tokens are read from the environment, masked in any visible output, and the documentation proactively warns against committing secrets to version control.\n- [EXTERNAL_DOWNLOADS]: Dependencies are limited to official or internal project libraries. Communication is conducted with official HuggingFace endpoints using the verified
huggingface_hublibrary.
Audit Metadata