hugging-face-evaluation
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were identified. The skill performs its intended functions using standard ML libraries and maintains clear documentation for secure operational workflows.
- [COMMAND_EXECUTION]: The skill uses `uv run` to execute bundled Python scripts for managing model metadata and submitting evaluation jobs. These operations are restricted to the local environment or authorized Hugging Face Jobs infrastructure.
- [EXTERNAL_DOWNLOADS]: Fetches and installs machine learning dependencies (e.g., vLLM, lighteval, transformers) from official package registries. All external references target well-known organizations and reputable services.
- [SAFE]: Credential management for `HF_TOKEN` and `AA_API_KEY` follows industry best practices by utilizing environment variables and `.env` files rather than hardcoding sensitive information.
Audit Metadata