This paper on remote code execution (RCE) on GPUs is great. Dead simple examples of how to do it, including the Python code.
https://arxiv.org/pdf/2502.10439
It'd be so easy to backdoor these things and have a release that just skims off the top. Make a package that does what the user wants and is super easy to install and run, and as long as you're not too greedy, I bet it'd work just fine for a long time.
Might want to hide it better than a wget call to GitHub, but that's just minor details.