07. Security & Safety¶
| Topic | Status |
|---|---|
| Pipeline auth | Local hf CLI credentials for upload |
| Secrets in git | Not found; .env* ignored |
| browser-lab | Open CORS; POST can write fixture JSON (local-dev) |
| Model class | Classical NMT — no agent tools |
| Supply chain | Pinned deps + uv.lock |
Interview angle¶
Risk is mainly credential handling for Hub uploads and trusting published weights downstream — not runtime sandboxing.