Adding a link to a malware zip? That seems pretty naive.
Where are all the training-data poisoning repositories? Those set up so the next-generation LLMs will be trained to include malware in the code they generate. Isn't that the new kind of supply-chain attack that's probably happening right now?