onnx-webgpu-converter

This script is not overtly malicious but contains a critical code-injection vulnerability: it embeds user-controlled model identifiers into a Python -c payload and executes them, enabling arbitrary code execution if an attacker can control the model_id input. There are also quality bugs (malformed inlined -c payload and an undefined detect_task), which increase unpredictability. Treat inputs as untrusted, avoid the -c pattern, or sanitize strictly; do not run this script on untrusted model identifiers or in privileged CI without fixes.