hf-space-recovery

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [Command Execution]: The skill executes several local shell commands and scripts to manage deployments. This includes standard utilities like hf, jq, curl, and uv, as well as project-specific scripts such as scripts/prepare_hf_deployment.sh and scripts/manage_hf_collection.py (found in SKILL.md and references/troubleshooting.md). These are used to automate deployment and reconciliation tasks.
  • [Information Ingestion Surface]: The skill reads external data from the Hugging Face API, including event streams, metrics, and runtime error messages (e.g., in SKILL.md step 3). This introduces a potential surface for indirect prompt injection if an attacker-controlled Space provides malicious logs, although the risk is categorized as low in this context.
      • Ingestion points: hf spaces info, curl .../events, and curl .../metrics (SKILL.md).
      • Boundary markers: None explicitly defined for the output of these commands.
      • Capability inventory: hf repo delete, restart_space (via huggingface_hub), and scripts/prepare_hf_deployment.sh (SKILL.md).
      • Sanitization: The skill does not implement specific sanitization or escaping for the data fetched from the runtime APIs.
  • [Administrative Actions]: The skill includes instructions to restart Spaces and, as a last resort, delete and recreate repositories (hf repo delete in SKILL.md). These are powerful administrative functions appropriate for the stated goal of recovering stuck environments.
  • [External API Interaction]: Network operations are performed against official Hugging Face domains (huggingface.co, hf.space) to retrieve telemetry and status information. These operations use standard security practices like timeouts and limited output processing (sed -n '1,140p').
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 18, 2026, 09:09 AM
Security Audit — agent-trust-hub — hf-space-recovery