build-and-dependency

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Dependency Management" section explicitly states that "Several dependencies are sourced directly from git (TransformerEngine, nemo-run, FlashMLA, Emerging-Optimizers, nvidia-resiliency-ext)" and the workflow requires running uv sync/uv add inside the container to fetch and install those external git/pip packages, which are untrusted third‑party sources that can materially influence build/execution behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs at runtime to docker pull ${GITLAB_HOST}/adlr/megatron-lm/mcore_ci_dev:main, which fetches a remote container image that will execute code and is relied on as the required dev/CI environment.