Right, but if you can embed bad packages in LLMs, you can surely embed any kind of vulnerability imaginable.