multi-node-slurm

Fail

Audited by Snyk on Apr 19, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). This prompt includes explicit commands and placeholders that embed API tokens and keys in scripts/commands (e.g., export GH_TOKEN=<YOUR_GITHUB_TOKEN>, wandb login <YOUR_WANDB_KEY>), which would require the agent to insert secret values verbatim if populated, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's runtime workflow explicitly downloads third-party model artifacts and code (e.g., save_artifacts with trust_remote_code=True, uv sync/uv run using HF_TOKEN and GH_TOKEN to fetch Hugging Face models and GitHub content, and wandb/login-driven fetches), so it ingests untrusted user-provided web content that could influence execution.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill instructs runtime fetching of Hugging Face models (e.g., --hf_model_path / which resolves to https://huggingface.co//) and explicitly notes that with trust_remote_code=True rank 0 will "download tokenizer, config, custom modeling code" — i.e., remotely fetched code executed at runtime using HF tokens, which meets the criteria for a risky external dependency.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level: HIGH
Analyzed: Apr 19, 2026, 08:13 AM
Issues: 3