hugging-face-jobs
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a well-documented developer utility for Hugging Face infrastructure. It follows security best practices by recommending the use of encrypted secrets (placeholders) rather than hardcoding credentials or environment variables.
- [REMOTE_CODE_EXECUTION]: The core functionality of the skill involves the hf_jobs tool, which is designed to execute Python scripts and shell commands on remote Hugging Face infrastructure. This is the intended and legitimate purpose of the skill.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download of machine learning models and datasets from the Hugging Face Hub, which is a trusted service for AI development. It also provides examples of running scripts directly from official GitHub and Hugging Face repositories.
- [CREDENTIALS_SAFE]: The documentation explicitly warns against token exposure and provides secure patterns for managing the HF_TOKEN, including automatic replacement via the MCP tool environment.
Audit Metadata