huggingface-hub
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides an installation command that fetches a shell script from the official Hugging Face domain ('https://hf.co/cli/install.sh') and pipes it directly to bash.
- [COMMAND_EXECUTION]: The guide includes instructions for various system and repository operations, such as 'hf download', 'hf upload', and managing compute jobs via 'hf jobs uv'.
- [DATA_EXFILTRATION]: The skill describes methods for managing authentication tokens using environment variables ('HF_TOKEN') and CLI commands ('hf auth login'), which involve handling sensitive credentials.
- [PROMPT_INJECTION]: Provides a surface for indirect prompt injection where the agent is instructed to process untrusted data.
- Ingestion points: 'hf datasets sql' (SKILL.md)
- Boundary markers: Absent
- Capability inventory: 'hf download', 'hf upload', 'hf jobs uv' (SKILL.md)
- Sanitization: None mentioned
- [EXTERNAL_DOWNLOADS]: Documents the capability to install third-party extensions from GitHub repositories using the 'hf extensions install' command.
Audit Metadata