diff --git a/skills/hf-cli/spec.yaml b/skills/hf-cli/spec.yaml index 2971236d..542fea8e 100644 --- a/skills/hf-cli/spec.yaml +++ b/skills/hf-cli/spec.yaml @@ -9,7 +9,7 @@ metadata: spec: repository: "https://github.com/huggingface/skills" - ref: "061ab494cb145f43ae8f218939b99160e2c61c58" # main as of 2026-04-16 + ref: "acd2bf5a7126994e15143bec061fe87a882811f3" # main as of 2026-04-16 path: "skills/hf-cli" version: "0.1.0" 
@@ -23,3 +23,22 @@ security: reason: "huggingface/skills is licensed Apache-2.0 at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter." - rule_id: PIPELINE_TAINT_FLOW reason: "The skill's prerequisites cite the official `hf` CLI installer (`curl -LsSf https://hf.co/cli/install.sh | bash`) and the `hf-mount` installer (`curl -fsSL https://raw.githubusercontent.com/huggingface/hf-mount/main/install.sh | sh`) as documented install commands. The scanner itself flags both as 'instructional install text in SKILL.md'." + - rule_id: ATR_HIGH_RISK_TOOL_GATE + reason: | + False positive - matches on the word `delete` in SKILL.md, where the + skill documents official `hf` CLI subcommands (e.g., `hf repos delete`, + `hf buckets delete`, `hf repos delete-files`, `hf spaces volumes delete`, + `hf webhooks delete`, `hf endpoints delete`). These are documented + Hugging Face CLI subcommands a user explicitly invokes against their own + HF account, not autonomous high-risk tool calls. Verified at digest + acd2bf5a7126994e15143bec061fe87a882811f3. + - rule_id: ATR_MCP_MALICIOUS_RESPONSE + reason: | + Same root cause as PIPELINE_TAINT_FLOW above - matches the official + `hf` CLI installer (`curl -LsSf https://hf.co/cli/install.sh | bash`, + SKILL.md:1) and the `hf-mount` installer + (`curl -fsSL https://raw.githubusercontent.com/huggingface/hf-mount/main/install.sh | sh`, + SKILL.md:180). These are documented install commands hard-coded in + SKILL.md, not MCP tool responses. Both endpoints are official Hugging + Face installer URLs. Verified at digest + acd2bf5a7126994e15143bec061fe87a882811f3. diff --git a/skills/hf-mcp/spec.yaml b/skills/hf-mcp/spec.yaml index d7e0ce25..4b7c1c27 100644 --- a/skills/hf-mcp/spec.yaml +++ b/skills/hf-mcp/spec.yaml 
@@ -11,7 +11,7 @@ metadata: spec: repository: "https://github.com/huggingface/skills" - ref: "061ab494cb145f43ae8f218939b99160e2c61c58" # main as of 2026-04-16 + ref: "acd2bf5a7126994e15143bec061fe87a882811f3" # main as of 2026-04-16 path: "hf-mcp/skills/hf-mcp" version: "0.1.0" diff --git a/skills/huggingface-community-evals/spec.yaml b/skills/huggingface-community-evals/spec.yaml index 6edf6622..32380489 100644 --- a/skills/huggingface-community-evals/spec.yaml +++ b/skills/huggingface-community-evals/spec.yaml @@ -9,7 +9,7 @@ metadata: spec: repository: "https://github.com/huggingface/skills" - ref: "061ab494cb145f43ae8f218939b99160e2c61c58" # main as of 2026-04-16 + ref: "acd2bf5a7126994e15143bec061fe87a882811f3" # main as of 2026-04-16 path: "skills/huggingface-community-evals" version: "0.1.0" diff --git a/skills/huggingface-datasets/spec.yaml b/skills/huggingface-datasets/spec.yaml index 4aa75ab5..29732fb6 100644 --- a/skills/huggingface-datasets/spec.yaml +++ b/skills/huggingface-datasets/spec.yaml @@ -9,7 +9,7 @@ metadata: spec: repository: "https://github.com/huggingface/skills" - ref: "061ab494cb145f43ae8f218939b99160e2c61c58" # main as of 2026-04-16 + ref: "acd2bf5a7126994e15143bec061fe87a882811f3" # main as of 2026-04-16 path: "skills/huggingface-datasets" version: "0.1.0" diff --git a/skills/huggingface-gradio/spec.yaml b/skills/huggingface-gradio/spec.yaml index 9db903e6..c4fda386 100644 --- a/skills/huggingface-gradio/spec.yaml +++ b/skills/huggingface-gradio/spec.yaml @@ -9,7 +9,7 @@ metadata: spec: repository: "https://github.com/huggingface/skills" - ref: "061ab494cb145f43ae8f218939b99160e2c61c58" # main as of 2026-04-16 + ref: "acd2bf5a7126994e15143bec061fe87a882811f3" # main as of 2026-04-16 path: "skills/huggingface-gradio" version: "0.1.0" diff --git a/skills/huggingface-llm-trainer/spec.yaml b/skills/huggingface-llm-trainer/spec.yaml index e52bd1d3..d5d4ae2e 100644 --- a/skills/huggingface-llm-trainer/spec.yaml 
+++ b/skills/huggingface-llm-trainer/spec.yaml @@ -12,7 +12,7 @@ metadata: spec: repository: "https://github.com/huggingface/skills" - ref: "061ab494cb145f43ae8f218939b99160e2c61c58" # main as of 2026-04-16 + ref: "acd2bf5a7126994e15143bec061fe87a882811f3" # main as of 2026-04-16 path: "skills/huggingface-llm-trainer" version: "0.1.0" 
@@ -32,3 +32,25 @@ security: reason: "The bundled `scripts/convert_to_gguf.py` references `sudo apt-get install` / `sudo yum install` for optional system packages (build tools) when converting trained models to GGUF format. These run in ephemeral HF Jobs containers, not on the user's host. The script is HF-authored and documented in SKILL.md." - rule_id: DATA_EXFIL_NETWORK_REQUESTS reason: "Bundled helper scripts (`scripts/dataset_inspector.py`, `scripts/hf_benchmarks.py`) use `urllib.request` to query the public Hugging Face Hub API for dataset validation and benchmark lookups — documented workflow steps required by the skill." + - rule_id: BEHAVIOR_ENV_VAR_EXFILTRATION + reason: | + False positive - matches `scripts/hf_benchmarks.py` reading `HF_TOKEN` + from env (line 122) and using it to authenticate `urllib.request` calls. + The destination URL is hardcoded to `BASE_URL = "https://huggingface.co"` + — the same domain that issues HF_TOKEN. This is the standard, intended + HF API authentication pattern, not credential exfiltration. Verified at + digest acd2bf5a7126994e15143bec061fe87a882811f3. + - rule_id: BEHAVIOR_CROSSFILE_ENV_VAR_EXFILTRATION + reason: | + False positive - same root cause as BEHAVIOR_ENV_VAR_EXFILTRATION. + `scripts/unsloth_sft_example.py` and `scripts/hf_benchmarks.py` both + read HF_TOKEN/hfjob env vars and make network calls to huggingface.co + for legitimate API usage (training job submission, benchmark queries). + No data leaves the HF ecosystem. Verified at digest + acd2bf5a7126994e15143bec061fe87a882811f3. + - rule_id: BEHAVIOR_CROSSFILE_EXFILTRATION_CHAIN + reason: | + False positive - the alleged "chain" is two HF helper scripts each + calling the public Hugging Face Hub API with HF_TOKEN auth. There is + no third-party transmission; both source and sink are huggingface.co. + Verified at digest acd2bf5a7126994e15143bec061fe87a882811f3. 
diff --git a/skills/huggingface-paper-publisher/spec.yaml b/skills/huggingface-paper-publisher/spec.yaml index 5a26501c..0c556f7e 100644 --- a/skills/huggingface-paper-publisher/spec.yaml +++ b/skills/huggingface-paper-publisher/spec.yaml @@ -9,7 +9,7 @@ metadata: spec: repository: "https://github.com/huggingface/skills" - ref: "061ab494cb145f43ae8f218939b99160e2c61c58" # main as of 2026-04-16 + ref: "acd2bf5a7126994e15143bec061fe87a882811f3" # main as of 2026-04-16 path: "skills/huggingface-paper-publisher" version: "0.1.0" 
@@ -27,3 +27,20 @@ security: reason: "The skill uses network access through its bundled `paper_manager.py` script (as its documented workflow), but does not declare an explicit network-access tool in frontmatter. All network calls target the public Hugging Face Hub API documented in the SKILL.md." - rule_id: FILE_MAGIC_MISMATCH reason: "`templates/modern.md` is a paper template that legitimately uses Handlebars-style `{{}}` substitution syntax. Magika detects the Handlebars markers and flags the format mismatch; the file is plain text documentation and safe." + - rule_id: BEHAVIOR_ENV_VAR_EXFILTRATION + reason: | + False positive - matches `scripts/paper_manager.py` reading `HF_TOKEN` + (line 44) and making `requests.get()` calls to + `https://huggingface.co/papers/{arxiv_id}` (lines 69, 98, 179, 215) and + `https://export.arxiv.org/api/query` (line 352, no token sent). This + is the standard, intended HF API auth pattern — token issued by + huggingface.co is sent back to huggingface.co. Source domain == sink + domain. Verified at digest acd2bf5a7126994e15143bec061fe87a882811f3. + - rule_id: BEHAVIOR_CROSSFILE_ENV_VAR_EXFILTRATION + reason: | + False positive - same root cause as BEHAVIOR_ENV_VAR_EXFILTRATION + above. The "crossfile" detection is from `paper_manager.py` reading + env vars and triggering its own network helpers within the same file/ + module. All network destinations are huggingface.co or + export.arxiv.org. Verified at digest + acd2bf5a7126994e15143bec061fe87a882811f3. diff --git a/skills/huggingface-papers/spec.yaml b/skills/huggingface-papers/spec.yaml index bfe0e373..726b0f22 100644 --- a/skills/huggingface-papers/spec.yaml +++ b/skills/huggingface-papers/spec.yaml @@ -9,7 +9,7 @@ metadata: spec: repository: "https://github.com/huggingface/skills" - ref: "061ab494cb145f43ae8f218939b99160e2c61c58" # main as of 2026-04-16 + ref: "acd2bf5a7126994e15143bec061fe87a882811f3" # main as of 2026-04-16 path: "skills/huggingface-papers" version: "0.1.0" 
diff --git a/skills/huggingface-tool-builder/spec.yaml b/skills/huggingface-tool-builder/spec.yaml index e45ca505..46a1b9a6 100644 --- a/skills/huggingface-tool-builder/spec.yaml +++ b/skills/huggingface-tool-builder/spec.yaml @@ -9,7 +9,7 @@ metadata: spec: repository: "https://github.com/huggingface/skills" - ref: "061ab494cb145f43ae8f218939b99160e2c61c58" # main as of 2026-04-16 + ref: "acd2bf5a7126994e15143bec061fe87a882811f3" # main as of 2026-04-16 path: "skills/huggingface-tool-builder" version: "0.1.0" diff --git a/skills/huggingface-trackio/spec.yaml b/skills/huggingface-trackio/spec.yaml index e18375ab..c640c69d 100644 --- a/skills/huggingface-trackio/spec.yaml +++ b/skills/huggingface-trackio/spec.yaml @@ -9,7 +9,7 @@ metadata: spec: repository: "https://github.com/huggingface/skills" - ref: "061ab494cb145f43ae8f218939b99160e2c61c58" # main as of 2026-04-16 + ref: "acd2bf5a7126994e15143bec061fe87a882811f3" # main as of 2026-04-16 path: "skills/huggingface-trackio" version: "0.1.0" diff --git a/skills/huggingface-vision-trainer/spec.yaml b/skills/huggingface-vision-trainer/spec.yaml index f61e6020..2031d20d 100644 --- a/skills/huggingface-vision-trainer/spec.yaml +++ b/skills/huggingface-vision-trainer/spec.yaml @@ -11,7 +11,7 @@ metadata: spec: repository: "https://github.com/huggingface/skills" - ref: "061ab494cb145f43ae8f218939b99160e2c61c58" # main as of 2026-04-16 + ref: "acd2bf5a7126994e15143bec061fe87a882811f3" # main as of 2026-04-16 path: "skills/huggingface-vision-trainer" version: "0.1.0" diff --git a/skills/transformers-js/spec.yaml b/skills/transformers-js/spec.yaml index 23752663..bf4360f3 100644 --- a/skills/transformers-js/spec.yaml +++ b/skills/transformers-js/spec.yaml 
@@ -9,7 +9,7 @@ metadata: spec: repository: "https://github.com/huggingface/skills" - ref: "061ab494cb145f43ae8f218939b99160e2c61c58" # main as of 2026-04-16 + ref: "acd2bf5a7126994e15143bec061fe87a882811f3" # main as of 2026-04-16 path: "skills/transformers-js" version: "0.1.0"
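Review bot: the `# main as of 2026-04-16` comment is left unchanged on every `ref:` bump in this patch (hf-cli, hf-mcp, huggingface-community-evals, huggingface-datasets, huggingface-gradio, huggingface-llm-trainer, huggingface-paper-publisher, huggingface-papers, huggingface-tool-builder, huggingface-trackio, huggingface-vision-trainer, transformers-js) although the pinned digest moves from `061ab494…` to `acd2bf5a…`; unless both commits were observed on that same day the comment is now stale. Suggest updating the date to when the new digest was actually taken, or dropping the date and keeping only the digest, since the digest is the thing that gets verified. Related: each of the new waiver reasons ends in "Verified at digest acd2bf5a7126994e15143bec061fe87a882811f3" as free text, so the next bump will have to touch all of them or leave them pointing at a digest the `ref:` no longer matches; if the spec format allows it, carrying the verified digest once per file rather than inside each reason string would keep them from drifting.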
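Review bot: in the hf-cli `security:` hunk, the `ATR_MCP_MALICIOUS_RESPONSE` reason calls both installers "official Hugging Face installer URLs", but `https://raw.githubusercontent.com/huggingface/hf-mount/main/install.sh` is served from GitHub off an unpinned `main` branch, and both commands pipe the fetched script straight into `bash`/`sh`; the "Verified at digest" statement covers the SKILL.md text, not the script that will execute at install time. Suggest the reason say that explicitly (the waiver accepts the instructional text; the installer contents are not pinned by this spec) and replace or supplement the `SKILL.md:1` / `SKILL.md:180` line citations with the surrounding heading or command text, because line numbers go stale on the next `ref:` bump. For `ATR_HIGH_RISK_TOOL_GATE`, the justification rests on "a user explicitly invokes" the `delete` subcommands, yet the skill is consumed by an agent; state whether SKILL.md requires a confirmation step before `hf repos delete`, `hf buckets delete` and the other destructive subcommands listed, or keep the finding as informational instead of waiving it.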
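Review bot: in the huggingface-llm-trainer `security:` hunk, the `BEHAVIOR_CROSSFILE_ENV_VAR_EXFILTRATION` reason says `scripts/unsloth_sft_example.py` reads "HF_TOKEN/hfjob env vars" without naming them or the call the scanner paired them with; list the variables and the destination so the waiver can be re-checked on the next bump. The `BEHAVIOR_ENV_VAR_EXFILTRATION` reason cites "line 122", which will drift; cite `BASE_URL` and the function that attaches the token instead. Also, "No data leaves the HF ecosystem" is a broader claim than what the three reasons describe (request URLs hardcoded under `https://huggingface.co`); suggest phrasing it as "every request URL is under https://huggingface.co and the token is only attached to those requests", which is the property that actually answers all three rules.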
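Review bot: in the huggingface-paper-publisher `security:` hunk, the `BEHAVIOR_CROSSFILE_ENV_VAR_EXFILTRATION` reason explains the detection as `paper_manager.py` "triggering its own network helpers within the same file/module", which does not account for a cross-file rule firing; name the second file the scanner paired it with, or state that the scanner reported only the one file. In the `BEHAVIOR_ENV_VAR_EXFILTRATION` reason, "Source domain == sink domain" is contradicted two sentences earlier by the `https://export.arxiv.org/api/query` sink; the claim that matters is the one already hinted at ("no token sent"), so rephrase as: the token is attached only to the `https://huggingface.co/papers/{arxiv_id}` requests (lines 69, 98, 179, 215) and the arxiv request at line 352 is unauthenticated. Style: the new entries use `|` block scalars prefixed "False positive - " while the existing entries in the same list are single-line quoted strings; pick one form for the file.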