diffusers-ascend-weight-prep

Fail

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/generate_fake_weights.py calls transformers.AutoConfig.from_pretrained with trust_remote_code=True. This flag allows custom Python code shipped in the model repository to be loaded and executed. Because the repository ID is an external input, this creates a vector for arbitrary code execution if a user is directed to process a malicious model repository.
  • [COMMAND_EXECUTION]: The skill uses subprocess.run in scripts/download_weights.py to invoke the hf and modelscope CLI tools. In addition, scripts/validate_on_npu.sh performs several shell operations, including sourcing user profiles and installing packages via pip. These actions interact directly with the system's execution environment.
  • [EXTERNAL_DOWNLOADS]: The skill downloads model weights and metadata from HuggingFace and ModelScope. It also supports user-defined proxy endpoints for HuggingFace, such as hf-mirror.com. While these are established platforms for AI models, the ability to pull and process untrusted remote content is a foundational risk factor for the subsequent code-execution findings above.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 19, 2026, 06:27 AM
Security Audit — agent-trust-hub — diffusers-ascend-weight-prep