grpo-rl-training

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The content is mostly benign training guidance but includes an unsandboxed exec() code execution in run_test_cases (and related code-execution reward functions) that allows arbitrary model-generated code to run on the host—this is a high-risk remote code execution/vector for backdoors if used with untrusted inputs; no clear data-exfiltration, credential-theft, obfuscation, or supply-chain attacks are present.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly loads public third‑party datasets (e.g., load_dataset('openai/gsm8k') in templates/basic_grpo_training.py) and provides a custom CSV loader in SKILL.md, meaning the agent ingests external, potentially untrusted content as part of its training/evaluation workflow, which could carry indirect prompt-injection payloads.