huggingface-import
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill documents interactions with
https://api.coval.dev/v1, which is the official API for the Coval platform (the skill author). These operations are intended for fetching configuration and uploading test sets. - [COMMAND_EXECUTION]: The example script
examples/huggingface-import.pyuses thepathlibandcsvmodules to create directories and write files to the local filesystem. This is required to generate the output CSV files described in the workflow. - [EXTERNAL_DOWNLOADS]: The skill references several well-known datasets hosted on HuggingFace, such as
cais/mmluandopenai/gsm8k. These are industry-standard benchmarks used for AI evaluation. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8) because it processes untrusted data from external sources.
- Ingestion points: HuggingFace repositories, spaces, or datasets specified by the user or provided in
$ARGUMENTS. - Boundary markers: None identified in the workflow or the generated CSV structure.
- Capability inventory: The skill can write files to the local disk and send data to the Coval API.
- Sanitization: The skill does not currently implement or instruct the user on sanitization of the imported dataset content before conversion.
Audit Metadata