chore(deps): update huggingface/skills digest to 904a2f9 #591

Merged
samuv merged 1 commit into main from renovate/huggingface-skills-digest
Apr 30, 2026

@renovate renovate Bot commented Apr 30, 2026

This PR contains the following updates:

Package | Update | Change
huggingface/skills | digest | 3bd0f8b → 904a2f9

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions

🛡️ Skill Security Scan Results

✅ hf-cli

  • Status: Passed
  • Findings: 5
  • Allowed (not blocking): 1
    • PIPELINE_TAINT_FLOW (Allowed: The skill's prerequisites cite the official hf CLI installer (curl -LsSf https://hf.co/cli/install.sh | bash) and the hf-mount installer (curl -fsSL https://raw.githubusercontent.com/huggingface/hf-mount/main/install.sh | sh) as documented install commands. The scanner itself flags both as 'instructional install text in SKILL.md'.)

✅ hf-mcp

  • Status: Passed
  • Findings: 5
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: huggingface/skills is licensed Apache-2.0 at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

✅ huggingface-community-evals

  • Status: Passed
  • Findings: 5
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: huggingface/skills is licensed Apache-2.0 at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

✅ huggingface-datasets

  • Status: Passed
  • Findings: 5
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: huggingface/skills is licensed Apache-2.0 at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

✅ huggingface-gradio

  • Status: Passed
  • Findings: 4
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: huggingface/skills is licensed Apache-2.0 at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

❌ huggingface-llm-trainer

  • Status: Failed
  • Findings: 34
  • Blocking: 12

Blocking issues:

  • [ATR_HIGH_RISK_TOOL_GATE] (HIGH) Pattern detected: Format (references/unsloth.md:183)
  • [ATR_MCP_MALICIOUS_RESPONSE] (CRITICAL) Pattern detected: messages: Conversation format with image referenc (references/unsloth.md:187)
  • [ATR_MCP_MALICIOUS_RESPONSE] (CRITICAL) Pattern detected: ```python (references/unsloth.md:189)
  • [ATR_MCP_MALICIOUS_RESPONSE] (CRITICAL) Pattern detected: ```python (references/unsloth.md:206)
  • [ATR_MCP_MALICIOUS_RESPONSE] (CRITICAL) Pattern detected: ```python (references/unsloth.md:221)
  • [ATR_MCP_MALICIOUS_RESPONSE] (CRITICAL) Pattern detected: ```python (references/unsloth.md:232)
  • [ATR_MCP_MALICIOUS_RESPONSE] (CRITICAL) Pattern detected: ```python (references/unsloth.md:245)
  • [ATR_MCP_MALICIOUS_RESPONSE] (CRITICAL) Pattern detected: ```python (references/unsloth.md:258)
  • [ATR_MCP_MALICIOUS_RESPONSE] (CRITICAL) Pattern detected: ```python (references/unsloth.md:265)
  • [ATR_MCP_MALICIOUS_RESPONSE] (CRITICAL) Pattern detected: scripts/unsloth_sft_example.py for a complete production-ready example that inc (references/unsloth.md:282)
  • [ATR_MCP_MALICIOUS_RESPONSE] (CRITICAL) Pattern detected: ```bash (references/unsloth.md:290)
  • [ATR_MCP_MALICIOUS_RESPONSE] (CRITICAL) Pattern detected: ```python (references/unsloth.md:298)

Allowlisted (not blocking):

  • TOOL_ABUSE_SYSTEM_PACKAGE_INSTALL (Allowed: The bundled scripts/convert_to_gguf.py references sudo apt-get install / sudo yum install for optional system packages (build tools) when converting trained models to GGUF format. These run in ephemeral HF Jobs containers, not on the user's host. The script is HF-authored and documented in SKILL.md.)
  • TOOL_ABUSE_SYSTEM_PACKAGE_INSTALL (Allowed: The bundled scripts/convert_to_gguf.py references sudo apt-get install / sudo yum install for optional system packages (build tools) when converting trained models to GGUF format. These run in ephemeral HF Jobs containers, not on the user's host. The script is HF-authored and documented in SKILL.md.)
  • TOOL_ABUSE_SYSTEM_PACKAGE_INSTALL (Allowed: The bundled scripts/convert_to_gguf.py references sudo apt-get install / sudo yum install for optional system packages (build tools) when converting trained models to GGUF format. These run in ephemeral HF Jobs containers, not on the user's host. The script is HF-authored and documented in SKILL.md.)
  • TOOL_ABUSE_SYSTEM_PACKAGE_INSTALL (Allowed: The bundled scripts/convert_to_gguf.py references sudo apt-get install / sudo yum install for optional system packages (build tools) when converting trained models to GGUF format. These run in ephemeral HF Jobs containers, not on the user's host. The script is HF-authored and documented in SKILL.md.)
  • TOOL_ABUSE_SYSTEM_PACKAGE_INSTALL (Allowed: The bundled scripts/convert_to_gguf.py references sudo apt-get install / sudo yum install for optional system packages (build tools) when converting trained models to GGUF format. These run in ephemeral HF Jobs containers, not on the user's host. The script is HF-authored and documented in SKILL.md.)
  • TOOL_ABUSE_SYSTEM_PACKAGE_INSTALL (Allowed: The bundled scripts/convert_to_gguf.py references sudo apt-get install / sudo yum install for optional system packages (build tools) when converting trained models to GGUF format. These run in ephemeral HF Jobs containers, not on the user's host. The script is HF-authored and documented in SKILL.md.)
  • DATA_EXFIL_NETWORK_REQUESTS (Allowed: Bundled helper scripts (scripts/dataset_inspector.py, scripts/hf_benchmarks.py) use urllib.request to query the public Hugging Face Hub API for dataset validation and benchmark lookups — documented workflow steps required by the skill.)
  • DATA_EXFIL_NETWORK_REQUESTS (Allowed: Bundled helper scripts (scripts/dataset_inspector.py, scripts/hf_benchmarks.py) use urllib.request to query the public Hugging Face Hub API for dataset validation and benchmark lookups — documented workflow steps required by the skill.)
  • DATA_EXFIL_NETWORK_REQUESTS (Allowed: Bundled helper scripts (scripts/dataset_inspector.py, scripts/hf_benchmarks.py) use urllib.request to query the public Hugging Face Hub API for dataset validation and benchmark lookups — documented workflow steps required by the skill.)

✅ huggingface-paper-publisher

  • Status: Passed
  • Findings: 9
  • Allowed (not blocking): 4
    • BEHAVIOR_CROSSFILE_ENV_VAR_EXFILTRATION (Allowed: False positive - same root cause as BEHAVIOR_ENV_VAR_EXFILTRATION above. The "crossfile" detection is from paper_manager.py reading env vars and triggering its own network helpers within the same file/module. All network destinations are huggingface.co or export.arxiv.org. Verified at digest acd2bf5a7126994e15143bec061fe87a882811f3.)
    • TOOL_ABUSE_UNDECLARED_NETWORK (Allowed: The skill uses network access through its bundled paper_manager.py script (as its documented workflow), but does not declare an explicit network-access tool in frontmatter. All network calls target the public Hugging Face Hub API documented in the SKILL.md.)
    • BEHAVIOR_ENV_VAR_EXFILTRATION (Allowed: False positive - matches scripts/paper_manager.py reading HF_TOKEN (line 44) and making requests.get() calls to https://huggingface.co/papers/{arxiv_id} (lines 69, 98, 179, 215) and https://export.arxiv.org/api/query (line 352, no token sent). This is the standard, intended HF API auth pattern — token issued by huggingface.co is sent back to huggingface.co. Source domain == sink domain. Verified at digest acd2bf5a7126994e15143bec061fe87a882811f3.)
    • MANIFEST_MISSING_LICENSE (Allowed: huggingface/skills is licensed Apache-2.0 at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

✅ huggingface-papers

  • Status: Passed
  • Findings: 4
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: huggingface/skills is licensed Apache-2.0 at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

✅ huggingface-tool-builder

  • Status: Passed
  • Findings: 6
  • Allowed (not blocking): 2
    • TOOL_ABUSE_UNDECLARED_NETWORK (Allowed: The skill uses network access through its bundled reference scripts that call the public Hugging Face Hub API. The frontmatter does not declare a dedicated network-access tool, but the network calls are documented examples bundled for user education, not runtime execution by the skill itself.)
    • MANIFEST_MISSING_LICENSE (Allowed: huggingface/skills is licensed Apache-2.0 at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

✅ huggingface-trackio

  • Status: Passed
  • Findings: 5
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: huggingface/skills is licensed Apache-2.0 at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

✅ huggingface-vision-trainer

  • Status: Passed
  • Findings: 10
  • Allowed (not blocking): 1
    • DATA_EXFIL_NETWORK_REQUESTS (Allowed: The bundled scripts/dataset_inspector.py uses urllib.request.urlopen() to query the public Hugging Face Hub API for dataset format validation — a documented workflow step required before launching GPU training.)

✅ transformers-js

  • Status: Passed
  • Findings: 2

Summary: Scanned 12 skill(s), found 12 blocking issue(s).

⚠️ Action Required: Review the blocking findings. Add a justified entry to the skill's security.allowed_issues[] in its spec.yaml if the finding is a false positive.

@samuv samuv merged commit e0f7017 into main Apr 30, 2026
39 of 41 checks passed
@samuv samuv deleted the renovate/huggingface-skills-digest branch April 30, 2026 14:52