hugging-face-datasets
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts
dataset_manager.pyandsql_manager.pyusing theuvtool to perform dataset management tasks. - [EXTERNAL_DOWNLOADS]: The skill uses
uvto dynamically install Python dependencies specified via PEP 723 inline metadata and retrieves dataset files from the Hugging Face Hub. - [CREDENTIALS_UNSAFE]: The skill requires the
HF_TOKENenvironment variable for authentication during write operations to Hugging Face repositories. - [PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection as it processes and queries external datasets that may contain malicious instructions. \n
- Ingestion points: Data is ingested from the Hugging Face Hub via
sql_manager.pyand from user-provided JSON rows indataset_manager.py. \n - Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore potentially malicious content within the datasets. \n
- Capability inventory: The skill is capable of writing files to the local system using the
exportcommand and performing network operations via thepush-tocommand. \n - Sanitization: The skill mentions structural JSON validation but does not describe sanitization of the natural language content or SQL queries to prevent injection attacks.
Audit Metadata