nanochat-llm-training

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). Most links point to reputable resources (Karpathy's GitHub and documentation), but the prompt explicitly instructs running a remote installer via curl|sh (https://astral.sh/uv/install.sh) and executing code from cloned repos, which is a high-risk practice because it executes unreviewed remote scripts and could distribute malware.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required reference pipeline (runs/speedrun.sh) explicitly performs "data download" and the repo includes dataset.py ("Download/read utils for pretraining data"), showing the runtime will fetch and ingest public/untrusted training data (and external links like GitHub/DeepWiki/Discussions are referenced), which the training/inference workflow reads and can materially change model behavior.