hugging-science
Warn
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's instructions in SKILL.md and references/using-models.md explicitly advise the agent to use the trust_remote_code=True flag when loading certain scientific models from the Hugging Face Hub. This flag enables the execution of arbitrary Python code from the model's repository, which is a significant security risk if the repository is malicious or compromised.
- [COMMAND_EXECUTION]: The skill includes a local Python script, scripts/fetch_catalog.py, which the agent executes to retrieve catalog data. This script uses the urllib library to make network requests to huggingscience.co.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it ingests remote markdown content from huggingscience.co and uses it to guide the agent's decision-making process. The skill lacks explicit boundary markers or sanitization for this external data, and it possesses high-privilege capabilities such as remote code execution via model loading.
- [EXTERNAL_DOWNLOADS]: The skill fetches scientific catalog content and topic definitions from the external domain huggingscience.co via the bundled fetch_catalog.py script.
Audit Metadata