distributed-llm-pretraining-torchtitan

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that pass a HuggingFace token as a command-line argument (e.g., --hf_token=YOUR_HF_TOKEN / --hf_token=...), which encourages embedding secrets verbatim in commands and thus requires the LLM to handle/output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs runtime fetching and ingestion of open/public third‑party assets (e.g., downloading HuggingFace model/tokenizer assets via scripts/download_hf_assets.py, cloning GitHub repos, and converting/loading HuggingFace checkpoints with the conversion scripts), which are user‑provided/untrusted sources and are expected to be read/loaded as part of the workflow.