grpo-rl-training

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow and templates explicitly load public, third‑party data (e.g., datasets.load_dataset('openai/gsm8k') in templates/basic_grpo_training.py and instructions to import external CSVs/repos in SKILL.md), and that data is ingested and used to train and drive model behavior—so untrusted user-generated content can materially influence tool use and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The training template calls load_dataset('openai/gsm8k'), which at runtime fetches dataset content from https://huggingface.co/datasets/openai/gsm8k and injects that external data directly as prompts for training (i.e., it is a required runtime dependency that controls prompts).