moai-ml-llm-fine-tuning

Warn

Audited by Snyk on Mar 2, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly loads public third-party artifacts (e.g., datasets.load_dataset(path="databricks/databricks-dolly-15k") and model weights via AutoModelForCausalLM.from_pretrained with public model IDs and trust_remote_code) and consumes that user-generated/open-web content as training prompts that directly influence fine-tuning and subsequent model behavior, creating a clear avenue for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill calls AutoModelForCausalLM.from_pretrained("meta-llama/Llama-3.1-8B") with trust_remote_code=True, which causes the runtime to fetch and execute code from the Hugging Face model repo (https://huggingface.co/meta-llama/Llama-3.1-8B), a required external dependency that can run arbitrary remote code.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 2, 2026, 05:16 PM