hf-space-recovery

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local scripts and system tools to manage environment lifecycles. Evidence includes calls to scripts/prepare_hf_deployment.sh, scripts/manage_hf_collection.py, hf spaces ls, and uv run openenv validate. These operations are consistent with the skill's stated purpose of deployment recovery.
  • [EXTERNAL_DOWNLOADS]: The skill fetches data from Hugging Face's official API endpoints (huggingface.co) to monitor space health, event logs, and metrics. It also utilizes the uv tool to dynamically load the huggingface_hub Python library from a standard registry for administrative operations.
  • [REMOTE_CODE_EXECUTION]: While the skill executes Python snippets via a heredoc (e.g., `uv run ... python <<'PY'`), the code is statically defined within the skill and does not incorporate untrusted external input into the execution flow. It is used exclusively for authorized space management tasks via the official `HfApi`.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection, as it reads external data sources (Hugging Face event logs and metrics) and presents them to the agent.
      • Ingestion points: `hf spaces info`, `curl .../events`, and `curl .../metrics` (SKILL.md, references/troubleshooting.md).
      • Boundary markers: Absent.
      • Capability inventory: File-write via deployment scripts, repository deletion, and space restarts (SKILL.md).
      • Sanitization: No explicit filtering or sanitization of external log content is observed.
      • Assessment: This is a low-risk diagnostic surface common in troubleshooting workflows.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 07:50 AM