hugging-science

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [SAFE]: The skill implements secure credential management by instructing the agent to load sensitive API tokens from environment files (.env) and explicitly warns against hardcoding or echoing secrets.
  • [EXTERNAL_DOWNLOADS]: Fetches scientific catalog metadata and resource pointers from the author's official domain (huggingscience.co) using standard library methods.
  • [REMOTE_CODE_EXECUTION]: Instructs the agent on the use of the trust_remote_code=True parameter within Hugging Face libraries to support custom scientific model architectures. This pattern is documented with appropriate warnings for the user regarding the execution of third-party repository code.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 02:07 AM