tinker-training-cost

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The bundled script calls AutoTokenizer.from_pretrained(..., trust_remote_code=True) which downloads and may execute tokenizers/code from the public HuggingFace model hub (community repositories), so it clearly fetches and consumes untrusted third-party content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The script calls AutoTokenizer.from_pretrained("Qwen/Qwen3-8B", trust_remote_code=True), which at runtime fetches and can execute remote code from the Hugging Face model hub (e.g. https://huggingface.co/Qwen/Qwen3-8B) and the tokenizer fetch is a required dependency for accurate token counting.