i found behavioral backdoors hidden in gguf chat templates on HF, and scanned all 185,345 gguf models. 24 are genuinely dangerous. is your model one of them?

Scanning 185,345 GGUF models on HuggingFace by parsing only chat templates (no weight downloads), a researcher found 24 malicious models: 20 contain Jinja2 SSTI payloads targeting CVE-2024-34359-style RCE via os.system or popen calls, and 4 embed prompt-level behavioral backdoors with no code execution. The most notable, n0ni/test-qwen2.5-7B, silently injects a hidden system instruction into every conversation directing the model to surface a phishing URL while concealing the manipulation from users. The resulting tool, canary/c4nary, audits chat templates without downloading weights.