hugging-face-jobs

Warn

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the hf_jobs MCP tool to execute arbitrary Python scripts and Docker containers on Hugging Face infrastructure. This is the primary intended function of the skill.
  • [REMOTE_CODE_EXECUTION]: The scripts scripts/cot-self-instruct.py and scripts/generate-responses.py invoke vllm.LLM with the trust_remote_code=True parameter. This capability allows the execution of custom Python code embedded within Hugging Face Hub model repositories, which could be exploited if a malicious model ID is provided.
  • [REMOTE_CODE_EXECUTION]: The documentation in references/troubleshooting.md describes and facilitates loading execution scripts directly from remote URLs (e.g., https://huggingface.co/.../raw/main/foo.py). While these references target Hugging Face, a well-known service, they allow the execution of remote code that may not be present in the local skill distribution.
  • [PROMPT_INJECTION]: There is a vulnerability surface for Indirect Prompt Injection as the skill is designed to process external data. The scripts generate-responses.py and cot-self-instruct.py ingest data from Hugging Face datasets and interpolate it into model prompts without sanitization or clear boundary markers.
    • Ingestion points: load_dataset() calls in scripts/cot-self-instruct.py and scripts/generate-responses.py.
    • Boundary markers: Absent; external data is directly formatted into prompts.
    • Capability inventory: Remote code execution via hf_jobs and Hub write access via HfApi using the provided token.
    • Sanitization: None; the scripts assume the dataset content is benign.
  • [DATA_EXFILTRATION]: The skill handles sensitive authentication through the HF_TOKEN. It correctly recommends using the $HF_TOKEN placeholder within a secrets dictionary to ensure the token is handled securely by the platform and encrypted server-side, rather than being exposed in environment variables or logs.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 1, 2026, 03:42 AM
Security Audit — agent-trust-hub — hugging-face-jobs