huggingface-hub

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides an installation command that fetches a shell script from the official Hugging Face domain ('https://hf.co/cli/install.sh') and pipes it directly to bash.
  • [COMMAND_EXECUTION]: The guide includes instructions for various system and repository operations, such as 'hf download', 'hf upload', and managing compute jobs via 'hf jobs uv'.
  • [DATA_EXFILTRATION]: The skill describes methods for managing authentication tokens using environment variables ('HF_TOKEN') and CLI commands ('hf auth login'), which involve handling sensitive credentials.
  • [PROMPT_INJECTION]: Provides a surface for indirect prompt injection where the agent is instructed to process untrusted data.
  • Ingestion points: 'hf datasets sql' (SKILL.md)
  • Boundary markers: Absent
  • Capability inventory: 'hf download', 'hf upload', 'hf jobs uv' (SKILL.md)
  • Sanitization: None mentioned
  • [EXTERNAL_DOWNLOADS]: Documents the capability to install third-party extensions from GitHub repositories using the 'hf extensions install' command.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 01:45 PM
Security Audit — agent-trust-hub — huggingface-hub