distributed-llm-pretraining-torchtitan

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs users to pass a Hugging Face token directly on the command line (e.g., --hf_token=... / --hf_token=YOUR_HF_TOKEN), which requires embedding secret values verbatim in generated commands and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows explicitly instruct fetching model/tokenizer assets from public HuggingFace repos (scripts/download_hf_assets.py --repo_id meta-llama/...) and use public datasets like "c4" for training, meaning it ingests untrusted, third‑party user-generated content that can materially influence training/runtime behavior.