hugging-science
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill promotes secure credential management by instructing the agent to load the HF_TOKEN from environment variables or .env files rather than hardcoding or echoing secrets.
- [SAFE]: Network requests performed by the fetch_catalog.py script target the official project domain (huggingscience.co) and the Hugging Face Hub, utilizing input sanitization on topic slugs to prevent path traversal or URL manipulation.
- [SAFE]: The skill proactively addresses the security risks associated with the trust_remote_code=True parameter in the transformers library; it correctly identifies this as a requirement for custom scientific architectures and instructs the agent to inform the user about the execution of remote code before proceeding.
Audit Metadata