chore(deps): update huggingface/skills digest to acd2bf5 #548

Merged
rdimitrov merged 4 commits into main from renovate/huggingface-skills-digest
Apr 27, 2026

@renovate renovate Bot commented Apr 22, 2026

This PR contains the following updates:

Package | Update | Change
huggingface/skills | digest | 061ab49 → acd2bf5

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-actions Bot commented Apr 22, 2026

🛡️ Skill Security Scan Results

✅ hf-cli

  • Status: Passed
  • Findings: 23
  • Allowed (not blocking): 18
    • MANIFEST_MISSING_LICENSE (Allowed: huggingface/skills is licensed Apache-2.0 at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: Same root cause as PIPELINE_TAINT_FLOW above - matches the official
      hf CLI installer (curl -LsSf https://hf.co/cli/install.sh | bash,
      SKILL.md:1) and the hf-mount installer
      (curl -fsSL https://raw.githubusercontent.com/huggingface/hf-mount/main/install.sh | sh,
      SKILL.md:180). These are documented install commands hard-coded in
      SKILL.md, not MCP tool responses. Both endpoints are official Hugging
      Face installer URLs. Verified at digest
      acd2bf5a7126994e15143bec061fe87a882811f3.
      )
    • PIPELINE_TAINT_FLOW (Allowed: The skill's prerequisites cite the official hf CLI installer (curl -LsSf https://hf.co/cli/install.sh | bash) and the hf-mount installer (curl -fsSL https://raw.githubusercontent.com/huggingface/hf-mount/main/install.sh | sh) as documented install commands. The scanner itself flags both as 'instructional install text in SKILL.md'.)
    • PIPELINE_TAINT_FLOW (Allowed: The skill's prerequisites cite the official hf CLI installer (curl -LsSf https://hf.co/cli/install.sh | bash) and the hf-mount installer (curl -fsSL https://raw.githubusercontent.com/huggingface/hf-mount/main/install.sh | sh) as documented install commands. The scanner itself flags both as 'instructional install text in SKILL.md'.)
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive - matches on the word delete in SKILL.md, where the
      skill documents official hf CLI subcommands (e.g., hf repos delete,
      hf buckets delete, hf repos delete-files, hf spaces volumes delete,
      hf webhooks delete, hf endpoints delete). These are documented
      Hugging Face CLI subcommands a user explicitly invokes against their own
      HF account, not autonomous high-risk tool calls. Verified at digest
      acd2bf5a7126994e15143bec061fe87a882811f3.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive - matches on the word delete in SKILL.md, where the
      skill documents official hf CLI subcommands (e.g., hf repos delete,
      hf buckets delete, hf repos delete-files, hf spaces volumes delete,
      hf webhooks delete, hf endpoints delete). These are documented
      Hugging Face CLI subcommands a user explicitly invokes against their own
      HF account, not autonomous high-risk tool calls. Verified at digest
      acd2bf5a7126994e15143bec061fe87a882811f3.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive - matches on the word delete in SKILL.md, where the
      skill documents official hf CLI subcommands (e.g., hf repos delete,
      hf buckets delete, hf repos delete-files, hf spaces volumes delete,
      hf webhooks delete, hf endpoints delete). These are documented
      Hugging Face CLI subcommands a user explicitly invokes against their own
      HF account, not autonomous high-risk tool calls. Verified at digest
      acd2bf5a7126994e15143bec061fe87a882811f3.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive - matches on the word delete in SKILL.md, where the
      skill documents official hf CLI subcommands (e.g., hf repos delete,
      hf buckets delete, hf repos delete-files, hf spaces volumes delete,
      hf webhooks delete, hf endpoints delete). These are documented
      Hugging Face CLI subcommands a user explicitly invokes against their own
      HF account, not autonomous high-risk tool calls. Verified at digest
      acd2bf5a7126994e15143bec061fe87a882811f3.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive - matches on the word delete in SKILL.md, where the
      skill documents official hf CLI subcommands (e.g., hf repos delete,
      hf buckets delete, hf repos delete-files, hf spaces volumes delete,
      hf webhooks delete, hf endpoints delete). These are documented
      Hugging Face CLI subcommands a user explicitly invokes against their own
      HF account, not autonomous high-risk tool calls. Verified at digest
      acd2bf5a7126994e15143bec061fe87a882811f3.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive - matches on the word delete in SKILL.md, where the
      skill documents official hf CLI subcommands (e.g., hf repos delete,
      hf buckets delete, hf repos delete-files, hf spaces volumes delete,
      hf webhooks delete, hf endpoints delete). These are documented
      Hugging Face CLI subcommands a user explicitly invokes against their own
      HF account, not autonomous high-risk tool calls. Verified at digest
      acd2bf5a7126994e15143bec061fe87a882811f3.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive - matches on the word delete in SKILL.md, where the
      skill documents official hf CLI subcommands (e.g., hf repos delete,
      hf buckets delete, hf repos delete-files, hf spaces volumes delete,
      hf webhooks delete, hf endpoints delete). These are documented
      Hugging Face CLI subcommands a user explicitly invokes against their own
      HF account, not autonomous high-risk tool calls. Verified at digest
      acd2bf5a7126994e15143bec061fe87a882811f3.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive - matches on the word delete in SKILL.md, where the
      skill documents official hf CLI subcommands (e.g., hf repos delete,
      hf buckets delete, hf repos delete-files, hf spaces volumes delete,
      hf webhooks delete, hf endpoints delete). These are documented
      Hugging Face CLI subcommands a user explicitly invokes against their own
      HF account, not autonomous high-risk tool calls. Verified at digest
      acd2bf5a7126994e15143bec061fe87a882811f3.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive - matches on the word delete in SKILL.md, where the
      skill documents official hf CLI subcommands (e.g., hf repos delete,
      hf buckets delete, hf repos delete-files, hf spaces volumes delete,
      hf webhooks delete, hf endpoints delete). These are documented
      Hugging Face CLI subcommands a user explicitly invokes against their own
      HF account, not autonomous high-risk tool calls. Verified at digest
      acd2bf5a7126994e15143bec061fe87a882811f3.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive - matches on the word delete in SKILL.md, where the
      skill documents official hf CLI subcommands (e.g., hf repos delete,
      hf buckets delete, hf repos delete-files, hf spaces volumes delete,
      hf webhooks delete, hf endpoints delete). These are documented
      Hugging Face CLI subcommands a user explicitly invokes against their own
      HF account, not autonomous high-risk tool calls. Verified at digest
      acd2bf5a7126994e15143bec061fe87a882811f3.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive - matches on the word delete in SKILL.md, where the
      skill documents official hf CLI subcommands (e.g., hf repos delete,
      hf buckets delete, hf repos delete-files, hf spaces volumes delete,
      hf webhooks delete, hf endpoints delete). These are documented
      Hugging Face CLI subcommands a user explicitly invokes against their own
      HF account, not autonomous high-risk tool calls. Verified at digest
      acd2bf5a7126994e15143bec061fe87a882811f3.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive - matches on the word delete in SKILL.md, where the
      skill documents official hf CLI subcommands (e.g., hf repos delete,
      hf buckets delete, hf repos delete-files, hf spaces volumes delete,
      hf webhooks delete, hf endpoints delete). These are documented
      Hugging Face CLI subcommands a user explicitly invokes against their own
      HF account, not autonomous high-risk tool calls. Verified at digest
      acd2bf5a7126994e15143bec061fe87a882811f3.
      )
    • ATR_HIGH_RISK_TOOL_GATE (Allowed: False positive - matches on the word delete in SKILL.md, where the
      skill documents official hf CLI subcommands (e.g., hf repos delete,
      hf buckets delete, hf repos delete-files, hf spaces volumes delete,
      hf webhooks delete, hf endpoints delete). These are documented
      Hugging Face CLI subcommands a user explicitly invokes against their own
      HF account, not autonomous high-risk tool calls. Verified at digest
      acd2bf5a7126994e15143bec061fe87a882811f3.
      )
    • ATR_MCP_MALICIOUS_RESPONSE (Allowed: Same root cause as PIPELINE_TAINT_FLOW above - matches the official
      hf CLI installer (curl -LsSf https://hf.co/cli/install.sh | bash,
      SKILL.md:1) and the hf-mount installer
      (curl -fsSL https://raw.githubusercontent.com/huggingface/hf-mount/main/install.sh | sh,
      SKILL.md:180). These are documented install commands hard-coded in
      SKILL.md, not MCP tool responses. Both endpoints are official Hugging
      Face installer URLs. Verified at digest
      acd2bf5a7126994e15143bec061fe87a882811f3.
      )

✅ hf-mcp

  • Status: Passed
  • Findings: 6
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: huggingface/skills is licensed Apache-2.0 at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

✅ huggingface-community-evals

  • Status: Passed
  • Findings: 4
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: huggingface/skills is licensed Apache-2.0 at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

✅ huggingface-datasets

  • Status: Passed
  • Findings: 5
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: huggingface/skills is licensed Apache-2.0 at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

✅ huggingface-gradio

  • Status: Passed
  • Findings: 4
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: huggingface/skills is licensed Apache-2.0 at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

✅ huggingface-llm-trainer

  • Status: Passed
  • Findings: 15
  • Allowed (not blocking): 9
    • TOOL_ABUSE_SYSTEM_PACKAGE_INSTALL (Allowed: The bundled scripts/convert_to_gguf.py references sudo apt-get install / sudo yum install for optional system packages (build tools) when converting trained models to GGUF format. These run in ephemeral HF Jobs containers, not on the user's host. The script is HF-authored and documented in SKILL.md.)
    • TOOL_ABUSE_SYSTEM_PACKAGE_INSTALL (Allowed: The bundled scripts/convert_to_gguf.py references sudo apt-get install / sudo yum install for optional system packages (build tools) when converting trained models to GGUF format. These run in ephemeral HF Jobs containers, not on the user's host. The script is HF-authored and documented in SKILL.md.)
    • TOOL_ABUSE_SYSTEM_PACKAGE_INSTALL (Allowed: The bundled scripts/convert_to_gguf.py references sudo apt-get install / sudo yum install for optional system packages (build tools) when converting trained models to GGUF format. These run in ephemeral HF Jobs containers, not on the user's host. The script is HF-authored and documented in SKILL.md.)
    • TOOL_ABUSE_SYSTEM_PACKAGE_INSTALL (Allowed: The bundled scripts/convert_to_gguf.py references sudo apt-get install / sudo yum install for optional system packages (build tools) when converting trained models to GGUF format. These run in ephemeral HF Jobs containers, not on the user's host. The script is HF-authored and documented in SKILL.md.)
    • TOOL_ABUSE_SYSTEM_PACKAGE_INSTALL (Allowed: The bundled scripts/convert_to_gguf.py references sudo apt-get install / sudo yum install for optional system packages (build tools) when converting trained models to GGUF format. These run in ephemeral HF Jobs containers, not on the user's host. The script is HF-authored and documented in SKILL.md.)
    • TOOL_ABUSE_SYSTEM_PACKAGE_INSTALL (Allowed: The bundled scripts/convert_to_gguf.py references sudo apt-get install / sudo yum install for optional system packages (build tools) when converting trained models to GGUF format. These run in ephemeral HF Jobs containers, not on the user's host. The script is HF-authored and documented in SKILL.md.)
    • DATA_EXFIL_NETWORK_REQUESTS (Allowed: Bundled helper scripts (scripts/dataset_inspector.py, scripts/hf_benchmarks.py) use urllib.request to query the public Hugging Face Hub API for dataset validation and benchmark lookups — documented workflow steps required by the skill.)
    • DATA_EXFIL_NETWORK_REQUESTS (Allowed: Bundled helper scripts (scripts/dataset_inspector.py, scripts/hf_benchmarks.py) use urllib.request to query the public Hugging Face Hub API for dataset validation and benchmark lookups — documented workflow steps required by the skill.)
    • DATA_EXFIL_NETWORK_REQUESTS (Allowed: Bundled helper scripts (scripts/dataset_inspector.py, scripts/hf_benchmarks.py) use urllib.request to query the public Hugging Face Hub API for dataset validation and benchmark lookups — documented workflow steps required by the skill.)

✅ huggingface-paper-publisher

  • Status: Passed
  • Findings: 6
  • Allowed (not blocking): 2
    • TOOL_ABUSE_UNDECLARED_NETWORK (Allowed: The skill uses network access through its bundled paper_manager.py script (as its documented workflow), but does not declare an explicit network-access tool in frontmatter. All network calls target the public Hugging Face Hub API documented in the SKILL.md.)
    • MANIFEST_MISSING_LICENSE (Allowed: huggingface/skills is licensed Apache-2.0 at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

✅ huggingface-papers

  • Status: Passed
  • Findings: 4
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: huggingface/skills is licensed Apache-2.0 at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

✅ huggingface-tool-builder

  • Status: Passed
  • Findings: 5
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: huggingface/skills is licensed Apache-2.0 at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

✅ huggingface-trackio

  • Status: Passed
  • Findings: 5
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: huggingface/skills is licensed Apache-2.0 at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

✅ huggingface-vision-trainer

  • Status: Passed
  • Findings: 7
  • Allowed (not blocking): 1
    • DATA_EXFIL_NETWORK_REQUESTS (Allowed: The bundled scripts/dataset_inspector.py uses urllib.request.urlopen() to query the public Hugging Face Hub API for dataset format validation — a documented workflow step required before launching GPU training.)

✅ transformers-js

  • Status: Passed
  • Findings: 2

Summary: Scanned 12 skill(s), all passed security checks. ✅

@renovate renovate Bot changed the title from "chore(deps): update huggingface/skills digest to 221f5f7" to "chore(deps): update huggingface/skills digest to ddcf680" Apr 23, 2026
@renovate renovate Bot force-pushed the renovate/huggingface-skills-digest branch from 1b8eb26 to f1863b3 Compare April 23, 2026 13:43
@renovate renovate Bot changed the title from "chore(deps): update huggingface/skills digest to ddcf680" to "chore(deps): update huggingface/skills digest to acd2bf5" Apr 27, 2026
@renovate renovate Bot force-pushed the renovate/huggingface-skills-digest branch 2 times, most recently from 8c75275 to 8e78409 Compare April 27, 2026 11:46
@renovate renovate Bot force-pushed the renovate/huggingface-skills-digest branch from 8e78409 to 5698a43 Compare April 27, 2026 12:12
JAORMX added 3 commits April 27, 2026 15:38
…llm-trainer

- hf-cli: ATR_HIGH_RISK_TOOL_GATE matches 'delete' in documented hf CLI
  subcommands (hf repos delete, hf buckets delete, etc.) — same FP as
  Firebase/Datadog CLI skills.
- huggingface-llm-trainer: behavioral env-var-exfiltration findings (single
  and crossfile) match HF helper scripts that read HF_TOKEN and call
  huggingface.co — the legitimate auth pattern. Verified scripts hardcode
  BASE_URL='https://huggingface.co', so source==sink.
… installers

Same root cause as PIPELINE_TAINT_FLOW already allowlisted - matches the
official hf and hf-mount installer commands in SKILL.md.
…XFILTRATION FPs

Same root cause as huggingface-llm-trainer: scripts/paper_manager.py reads
HF_TOKEN and calls huggingface.co (token issuer == network destination).
The crossfile/single-file detections both flag this benign HF API auth.
@rdimitrov rdimitrov merged commit 48f5119 into main Apr 27, 2026
41 checks passed
@rdimitrov rdimitrov deleted the renovate/huggingface-skills-digest branch April 27, 2026 14:42