huggingface_transformers
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Tags: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill consists of educational documentation and code snippets that follow standard machine learning practice. No malicious intent or obfuscated code was found.
- [EXTERNAL_DOWNLOADS]: The skill contains code patterns that download pre-trained model weights and datasets from well-known, trusted sources.
  - Evidence:
    - Downloads models from Hugging Face's official repository using from_pretrained.
    - Fetches datasets from the Hugging Face Hub using load_dataset.
    - References models from trusted organizations such as Meta (meta-llama) and Google.
  - Caveat: from_pretrained and load_dataset resolve the repository's default branch unless a revision is pinned, so what is downloaded is whatever the Hub repository serves at the time of the call.
- [PROMPT_INJECTION]: The skill's FastAPI deployment example exposes an indirect prompt injection surface, which is normal for an NLP API that accepts free text.
  - Ingestion points: the /classify endpoint in the FastAPI serving pattern (SKILL.md) accepts external text via TextInput.
  - Boundary markers: absent in the example code; input is passed directly to the classifier pipeline.
  - Capability inventory: the ingested text is processed by a Hugging Face pipeline for classification. A classification pipeline returns a label and a score rather than following instructions embedded in the text, so injected content can at most skew the label unless the text or the result is later handed to a generative model or an agent.
  - Sanitization: not present in the educational boilerplate code.
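The audit notes that the boilerplate passes request text straight into the pipeline with no boundary or sanitization. The following is an added example of the check a practitioner would put in front of such an endpoint; it is not code from the skill or from the audit. The names validate_input, classify, toy_classifier and MAX_CHARS are assumptions for this example, and toy_classifier is a constructed stand-in that mimics the return shape of a transformers text-classification pipeline so the block runs without model weights or a FastAPI server.

```python
import re
import unicodedata

# Constructed limit for this example; a real service would size this to the
# model's tokenizer limit and its latency budget.
MAX_CHARS = 2_000

# Match C0/C1 control characters, keeping tab, newline and carriage return.
_CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f-\x9f]")


def validate_input(text: str, max_chars: int = MAX_CHARS) -> str:
    """Enforce the input boundary the audit says the boilerplate lacks.

    Returns a normalized, bounded string or raises ValueError. Rejecting
    oversized input rather than silently truncating it keeps the caller
    aware that the request was not processed as sent.
    """
    if not isinstance(text, str):
        raise ValueError("text must be a string")
    # NFKC folds look-alike code points (fullwidth letters, compatibility
    # forms) so downstream rules and tokenizers see one canonical form.
    cleaned = unicodedata.normalize("NFKC", text)
    cleaned = _CONTROL_CHARS.sub("", cleaned).strip()
    if not cleaned:
        raise ValueError("text is empty after normalization")
    if len(cleaned) > max_chars:
        raise ValueError(f"text exceeds {max_chars} characters")
    return cleaned


def toy_classifier(text: str) -> list:
    """Constructed stand-in for transformers.pipeline('text-classification').

    Returns the same shape as the real pipeline, [{'label': ..., 'score': ...}],
    using a keyword rule so the example runs offline.
    """
    positive = {"good", "great", "excellent", "love"}
    negative = {"bad", "terrible", "awful", "hate"}
    words = set(re.findall(r"[a-z']+", text.lower()))
    pos, neg = len(words & positive), len(words & negative)
    if pos == neg:
        return [{"label": "NEUTRAL", "score": 0.5}]
    label = "POSITIVE" if pos > neg else "NEGATIVE"
    return [{"label": label, "score": max(pos, neg) / (pos + neg)}]


def classify(text: str, classifier=toy_classifier) -> dict:
    """What a hardened /classify handler would do with the request body.

    The pattern the audit describes is classifier(input.text) with no checks.
    Here validate_input runs first, and the response is rebuilt from the
    pipeline output so nothing from the request body is echoed back.
    """
    cleaned = validate_input(text)
    result = classifier(cleaned)[0]
    return {"label": result["label"], "score": round(float(result["score"]), 4)}


if __name__ == "__main__":
    print(classify("I love this, it is great"))
    try:
        classify("x" * (MAX_CHARS + 1))
    except ValueError as exc:
        print("rejected:", exc)
```

In a FastAPI handler, the ValueError from validate_input would be turned into an HTTP 422 response; the same length and character constraints can also be expressed on the TextInput model itself so the framework rejects bad bodies before the handler runs. The rebuilt response matters more when the classifier is swapped for a generative model, since that is the point at which injected text could otherwise flow back to a caller or on to an agent.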
Audit Metadata