hugging-science
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it fetches and processes external markdown content from a remote catalog.
- Ingestion points: Content is retrieved from huggingscience.co via the scripts/fetch_catalog.py script.
- Boundary markers: The instructions do not define explicit delimiters or 'ignore' instructions for data processed from the external catalog.
- Capability inventory: The agent is authorized to execute bundled scripts, perform network requests, and load machine learning models with remote code execution capabilities.
- Sanitization: The parsing logic in scripts/fetch_catalog.py extracts metadata using regular expressions but does not sanitize the natural-language description fields, which could contain embedded instructions.
- [REMOTE_CODE_EXECUTION]: The skill provides instructions to enable trust_remote_code=True when loading certain model architectures from the Hugging Face Hub. This is a common requirement for custom architectures but represents a risk as it allows the execution of arbitrary Python code from the remote repository. The skill mitigates this by instructing the agent to inform the user before setting the flag.
- [EXTERNAL_DOWNLOADS]: The fetch_catalog.py script fetches resource metadata from the huggingscience.co domain to update the agent's internal list of scientific resources.
- [DATA_EXFILTRATION]: The skill provides clear instructions for managing sensitive Hugging Face API tokens using environment files. This follows industry-standard security practices to prevent the hard-coding or accidental exposure of credentials.