finetuning

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The codebase contains an explicit dynamic-execution pattern that runs user-supplied Python grader code (arbitrary exec), which is a high-risk backdoor/RCE vector; otherwise I found no evidence of covert exfiltration, credential harvesting, or obfuscated payloads.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill includes agentic RFT tool-calling that passes external tool endpoints (e.g., "https://your-function-app.azurewebsites.net/api/tools") into model calls at runtime, allowing remote responses to directly influence the model's prompts/behavior.