hugging-face-vision-trainer

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides structured templates and helper scripts for a legitimate development workflow (machine learning model training). The instructions emphasize security best practices, such as using encrypted secrets for authentication tokens and validating datasets before execution.
  • [EXTERNAL_DOWNLOADS]: The training scripts and inspectors fetch data and model weights from official Hugging Face domains (huggingface.co, datasets-server.huggingface.co). These are well-known, trusted services for the AI community.
  • [COMMAND_EXECUTION]: The skill facilitates the execution of Python scripts on remote Hugging Face Jobs infrastructure. This is the primary intended function of the skill and is triggered through official Hugging Face APIs and MCP tools.
  • [CREDENTIALS_SAFE]: Sensitive tokens (HF_TOKEN) are managed via standard environment variables and platform-specific secret management (Hugging Face Jobs secrets). The skill provides clear instructions on how to handle these credentials securely, avoiding hardcoded secrets or unsafe exposures.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 08:00 PM