distributed-llm-pretraining-torchtitan

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that pass a HuggingFace token as a command-line argument (e.g., --hf_token=YOUR_HF_TOKEN / --hf_token=...), which encourages embedding secrets verbatim in commands and thus requires the LLM to handle/output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows explicitly instruct fetching model/tokenizer assets from public HuggingFace repos (scripts/download_hf_assets.py --repo_id meta-llama/...) and use public datasets like "c4" for training, meaning it ingests untrusted, third‑party user-generated content that can materially influence training/runtime behavior.