grpo-rl-training

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required training workflow explicitly loads and ingests public datasets (e.g., load_dataset('openai/gsm8k') in templates/basic_grpo_training.py and dataset preparation steps in SKILL.md) and uses those prompts/answers in reward computation and training, meaning untrusted third‑party content is read and can materially influence model behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The template calls load_dataset('openai/gsm8k'), which fetches remote training data from https://huggingface.co/datasets/openai/gsm8k at runtime and that fetched content is directly used as prompts for training, meeting the criteria for a runtime external dependency that can control prompts.