tinker-training-cost

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The bundled script (scripts/calculate_cost.py) loads tokenizers from public HuggingFace repositories via AutoTokenizer.from_pretrained(tokenizer_name, trust_remote_code=True) using the MODEL_TOKENIZERS mapping, which fetches and executes untrusted third‑party code/assets from the open web and can therefore influence tokenization and downstream cost/behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The script calls AutoTokenizer.from_pretrained(tokenizer_name, trust_remote_code=True), which at runtime fetches and may execute remote code from Hugging Face model repositories (e.g. https://huggingface.co/Qwen/Qwen3-8B), and those external repos are required dependencies for tokenization.