distributed-llm-pretraining-torchtitan
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW | EXTERNAL_DOWNLOADS | SAFE
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (LOW): The skill installs packages from the 'pytorch' GitHub organization and from PyPI. Both are trusted sources under the audit's security policy, so the external-download finding is downgraded to LOW. The downgrade rests on trust in the source; it is not a statement that specific package versions or commits were verified.
- [Prompt Injection] (SAFE): No instructions found that attempt to bypass safety filters or override agent behavior.
- [Data Exposure & Exfiltration] (SAFE): No unauthorized network operations or data-exposure patterns were detected. Where the skill mentions Hugging Face tokens, it uses placeholders for user-supplied values rather than hard-coded secrets.
- [Indirect Prompt Injection] (LOW): The skill orchestrates training on external datasets. Evidence:
  1. Ingestion: dataset configurations in TOML (e.g., in SKILL.md).
  2. Boundary markers: absent.
  3. Capability inventory: distributed execution via 'torchrun'; file writing via checkpointing.
  4. Sanitization: none beyond tokenization, which turns dataset text into training input rather than into instructions the agent interprets.
  Severity is LOW because dataset content can only influence the trained model's internal state; no path from that content to command execution was found.
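As an added example that is not part of the Gen Agent Trust Hub report or of the torchtitan skill it covers, the checker below re-runs the three checks behind the findings above (install sources limited to PyPI and the 'pytorch' GitHub organization, Hugging Face tokens present only as placeholders, and every dataset reference in the skill's TOML configs surfaced for review) over constructed SKILL.md-style text. The allow-list, the HIGH/LOW/SAFE scale, the sample skill texts and the regular expressions are assumptions made here; they are not the audit service's own method.

```python
# Added example, not code from the audit report or the torchtitan skill.
# Re-runs three of the report's checks over a skill's text.
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumed allow-list mirroring the report's policy: PyPI and the 'pytorch'
# GitHub organization are trusted. Anything else is reported as HIGH.
ALLOWED_GIT_ORGS = {"pytorch"}
ALLOWED_INDEX_HOSTS = {"pypi.org", "files.pythonhosted.org"}
INDEX_FLAGS = {"-i", "--index-url", "--extra-index-url"}

FENCE = "`" * 3  # spelled out so the sample text does not close this code block
PIP_LINE_RE = re.compile(r"^\s*(?:\$\s*)?(?:uv\s+)?pip3?\s+install\s+(.+?)\s*$", re.M)
GITHUB_ORG_RE = re.compile(r"github\.com[/:]([\w.-]+)/")
HF_TOKEN_RE = re.compile(r"\bhf_[A-Za-z0-9]{20,}\b")  # shape of a literal HF token
TOML_FENCE_RE = re.compile(FENCE + r"toml\s*\n(.*?)" + FENCE, re.S)
DATASET_KEY_RE = re.compile(r'^\s*(dataset\w*)\s*=\s*"([^"]*)"', re.M)


@dataclass(frozen=True)
class Finding:
    category: str
    severity: str  # "SAFE", "LOW" or "HIGH", the report's scale
    detail: str


def check_installs(text: str) -> list[Finding]:
    """Flag pip install targets and package indexes outside the allow-list."""
    findings = []
    for m in PIP_LINE_RE.finditer(text):
        args, i = m.group(1).split(), 0
        while i < len(args):
            flag, _, inline = args[i].partition("=")
            if flag in INDEX_FLAGS:  # --index-url URL or --index-url=URL
                url = inline or (args[i + 1] if i + 1 < len(args) else "")
                host = urlparse(url).hostname or ""
                if host not in ALLOWED_INDEX_HOSTS:
                    findings.append(Finding("External Downloads", "HIGH",
                                            f"package index outside allow-list: {host}"))
                i += 1 if inline else 2
                continue
            arg = args[i]
            if "://" in arg or arg.startswith("git+"):
                org = GITHUB_ORG_RE.search(arg)
                if org and org.group(1) in ALLOWED_GIT_ORGS:
                    findings.append(Finding("External Downloads", "LOW",
                                            f"install from trusted GitHub org: {arg}"))
                else:
                    findings.append(Finding("External Downloads", "HIGH",
                                            f"install from untrusted URL: {arg}"))
            # Bare package names resolve via the index, which the index check covers.
            i += 1
    return findings


def check_tokens(text: str) -> list[Finding]:
    """A literal hf_... token is a leak; placeholders such as <your_hf_token>
    or $HF_TOKEN are what the report expects to see."""
    hits = HF_TOKEN_RE.findall(text)
    if hits:
        return [Finding("Data Exposure", "HIGH",
                        f"{len(hits)} hard-coded Hugging Face token(s), e.g. {hits[0][:7]}...")]
    if re.search(r"(?i)hf_token|hugging ?face token", text):
        return [Finding("Data Exposure", "SAFE", "Hugging Face token referenced via placeholder only")]
    return []


def check_datasets(text: str) -> list[Finding]:
    """Surface every dataset reference in the skill's TOML blocks: training data
    is ingested without boundary markers, so the report rates it LOW, not SAFE."""
    findings = []
    for block in TOML_FENCE_RE.findall(text):
        for key, value in DATASET_KEY_RE.findall(block):
            where = "remote URL" if "://" in value else "local or hub-resolved"
            findings.append(Finding("Indirect Prompt Injection", "LOW",
                                    f"{key} = {value!r} ({where} dataset ingested as training input)"))
    return findings


def audit_skill(text: str) -> list[Finding]:
    return check_installs(text) + check_tokens(text) + check_datasets(text)


def verdict(findings: list[Finding]) -> str:
    """Pass unless any finding is HIGH, mirroring the report's Pass line."""
    return "Fail" if any(f.severity == "HIGH" for f in findings) else "Pass"


# Constructed skill text shaped like the audited one: trusted sources, a
# placeholder token, and a TOML training config naming a dataset.
CLEAN_SKILL = (
    "Install:\n"
    "    pip install torch\n"
    "    pip install git+https://github.com/pytorch/torchtitan.git\n"
    "Set `export HF_TOKEN=<your_hf_token>` before downloading tokenizers.\n\n"
    f"{FENCE}toml\n[training]\ndataset = \"c4\"\ndataset_path = \"allenai/c4\"\n{FENCE}\n\n"
    "Run: torchrun --nproc_per_node=8 -m torchtitan.train --job.config_file llama3_8b.toml\n"
)

# Constructed counter-example with an untrusted index, an untrusted GitHub org
# and a hard-coded token (the token value is made up).
RISKY_SKILL = (
    "    pip install --extra-index-url https://mirror.example.invalid/simple torchtitan\n"
    "    pip install git+https://github.com/not-pytorch/torchtitan-fork.git\n"
    "    export HF_TOKEN=hf_AbCdEfGhIjKlMnOpQrStUvWxYz0123456789\n"
)

if __name__ == "__main__":
    for name, skill in (("clean", CLEAN_SKILL), ("risky", RISKY_SKILL)):
        findings = audit_skill(skill)
        print(f"{name}: {verdict(findings)}")
        for f in findings:
            print(f"  - [{f.category}] ({f.severity}): {f.detail}")
```

Run stand-alone, the clean sample yields one LOW (trusted GitHub install), one SAFE (placeholder token) and two LOW dataset findings and passes; the risky sample yields three HIGH findings and fails. The dataset check deliberately reports LOW rather than suppressing the finding, matching the report's reasoning that training data is ingested without boundary markers even though it cannot reach command execution.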
Audit Metadata