hugging-face-evaluation

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • API Token Management: The skill requires HF_TOKEN and AA_API_KEY for its operations. Documentation correctly instructs users to manage these via environment variables or .env files rather than hardcoding them, following standard security practices.
  • External Data Ingestion: The workflow fetches content from Hugging Face model cards (READMEs), the Artificial Analysis API, and academic papers via arXiv. This represents a potential surface for indirect prompt injection, as the agent processes untrusted text from external authors to extract scores. The implementation uses regular expressions and normalization to mitigate parsing errors.
  • Command Line Operations: The skill uses the Hugging Face CLI (hf) and uv for script execution and PR management. These operations are conducted within the /tmp/ directory and use standard authentication mechanisms.
  • Automated Script Execution: Several Python scripts are included to automate data mapping and PR creation. These scripts use well-known dependencies (like requests, pyyaml, and huggingface-hub) and are intended to be run in a local environment by the user or an authorized agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 18, 2026, 11:10 AM
Security Audit — agent-trust-hub — hugging-face-evaluation