HuggingFace Model Download
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill facilitates downloads from HuggingFace, which is a trusted external source. It utilizes the official 'huggingface_hub' package, which is maintained by a trusted organization.
- [COMMAND_EXECUTION] (SAFE): The commands provided use 'uv run' to execute the HuggingFace CLI tools. This is a recommended practice for secure and reproducible tool execution without requiring global installations.
- [CREDENTIALS_UNSAFE] (SAFE): While the skill mentions the 'HF_TOKEN' environment variable, it does so to explain how the official tool handles authentication for gated models. No credentials are hardcoded or exfiltrated.
Audit Metadata