hf-upload
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs its stated purpose of HuggingFace integration using official tools and user-provided credentials. No malicious behavior was detected.
- [EXTERNAL_DOWNLOADS]: The skill requires the huggingface_hub library, which is a standard dependency from a well-known service provider, to facilitate API interactions.
- [DATA_EXFILTRATION]: The skill is designed to upload data (learning snapshots, traces) to HuggingFace. This is an intended functionality using the user's own repositories and API keys.
- [CREDENTIALS_UNSAFE]: HuggingFace tokens are accessed from the environment. The skill correctly implements credential masking in its configuration reporting to prevent full token exposure in logs.