Thanks.
Reading the jtolio answer in Sharing ML Dataset via read-only access grant - #3 by jtolio, a question come to my mind: in case the shared Access Grant is read and list only, is the described flaw still valid? Or this malicious behaviour is only possible if the Access Grant has write permissions?
Thanks!