Because a self-referencing compiler could rebuild Trojans from the first iteration of the compiler without it being detectable. You run your sha sum line to check that it matches the signed version and it looks fine, but that's because no one knew there was malicious code in it from the previous compiler. I'm probably saying this wrong.

Replies (2)

Nah, it's a reasonable question, but I am very familiar with how the parts all work, from many years. I have written tokenizers, and even a simple recursive tree-structure lexical analyser that I played with to build a novel command line syntax with tree properties. At the time I was building an abstraction for a simple language, essentially. There is no way to hide malware in a syntax, only a lexicon. I'm taking a language with one of the smallest lexicons, and razoring it down even further. Probably quite a swathe of the standard library I'm not even going to be using, but partially hand-translating it, mostly just filling the gaps in the parts where I have removed features that they used in the Go compiler. So, yeah. It's not likely, it's a small search space to detect, and there are no common ways in which code can be backdoored. LLMs, on the other hand, can hide reams and reams of malware in them, but with the scope of the subject matter, there's nowhere it can transfer it forward.
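As an added example (not code from either poster), the mechanism the first post is describing, Thompson's "trusting trust" attack, modelled as a toy in Python. The compiler, the login program and the trojan payload are all constructed here for illustration: a "program" is a Python source string, a "binary" is whatever the compiler emits (also Python source, run with exec), and the compiler is itself a program. The point it shows is that the pristine compiler source contains no trojan and hashes correctly, yet a compiler rebuilt from that source by an already-infected compiler is still infected, and so are the programs it builds. The `ddc_check` function is a simplified form of diverse double-compiling (an assumed check, not something the thread mentions): the trojan is invisible to a source hash but not to a comparison against a build from an independent trusted compiler.

```python
"""Toy model of a self-propagating compiler trojan (constructed example)."""
import hashlib

# Constructed toy compiler: the "binary" is the source plus a build banner.
CLEAN_COMPILER_SRC = '''
def compile_program(src):
    return "# built\\n" + src
'''

# Constructed target program that the attacker wants to backdoor.
LOGIN_SRC = '''
def login(user, password):
    return user == "alice" and password == "hunter2"
'''

# Payload template. Quine trick: %r embeds the template in the emitted code so the
# payload can reproduce itself (_PAYLOAD % _PAYLOAD) whenever it sees compiler source.
TROJAN_TEMPLATE = r'''
_PAYLOAD = %r
def _trojan(src):
    if "def compile_program(" in src:
        # Stage 1: re-insert this payload into any compiler built from clean source.
        return src + (_PAYLOAD %% _PAYLOAD)
    if "def login(" in src:
        # Stage 2: plant the backdoor in the target program.
        return src + "\n_real_login = login\ndef login(user, password):\n    return password == 'ken' or _real_login(user, password)\n"
    return src
_clean_compile = compile_program
def compile_program(src):
    return _clean_compile(_trojan(src))
'''


def run_compiler(compiler_binary, src):
    """Execute a compiler 'binary' and use it to build src; returns the output binary."""
    ns = {}
    exec(compiler_binary, ns)
    return ns["compile_program"](src)


def load_login(login_binary):
    """Execute a built login program and return its login() function."""
    ns = {}
    exec(login_binary, ns)
    return ns["login"]


def sha256(text):
    return hashlib.sha256(text.encode()).hexdigest()


def ddc_check(trusted_compiler, suspect_compiler, compiler_src):
    """Simplified diverse double-compiling: build compiler_src with a trusted bootstrap
    compiler and with the suspect one, rebuild once more with each result, and compare.
    With a deterministic compiler and honest source the two outputs must be identical."""
    stage1_trusted = run_compiler(trusted_compiler, compiler_src)
    stage1_suspect = run_compiler(suspect_compiler, compiler_src)
    stage2_trusted = run_compiler(stage1_trusted, compiler_src)
    stage2_suspect = run_compiler(stage1_suspect, compiler_src)
    return stage2_trusted == stage2_suspect


def demo():
    # Generation 0: a trusted bootstrap compiler, obtained by running the clean source directly.
    clean_compiler = run_compiler(CLEAN_COMPILER_SRC, CLEAN_COMPILER_SRC)

    # The attacker builds the infected compiler once; this source is never published.
    trojan_payload = TROJAN_TEMPLATE % TROJAN_TEMPLATE
    infected_compiler = run_compiler(clean_compiler, CLEAN_COMPILER_SRC + trojan_payload)

    # The victim audits the pristine source (hash matches, no trojan in it) and rebuilds
    # the compiler from it, but the build is done by the infected compiler.
    rebuilt_compiler = run_compiler(infected_compiler, CLEAN_COMPILER_SRC)

    clean_login = load_login(run_compiler(clean_compiler, LOGIN_SRC))
    rebuilt_login = load_login(run_compiler(rebuilt_compiler, LOGIN_SRC))

    return {
        "trojan_in_source": "_trojan" in CLEAN_COMPILER_SRC,
        "source_sha256": sha256(CLEAN_COMPILER_SRC),
        "rebuilt_binary_matches_clean": sha256(rebuilt_compiler) == sha256(clean_compiler),
        "clean_login_accepts_ken": clean_login("alice", "ken"),
        "rebuilt_login_accepts_ken": rebuilt_login("alice", "ken"),
        "rebuilt_login_still_accepts_real": rebuilt_login("alice", "hunter2"),
        "ddc_detects_trojan": not ddc_check(clean_compiler, rebuilt_compiler, CLEAN_COMPILER_SRC),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The hash check in the first post only covers the source, and the source really is clean; what carries the trojan is the binary that built it. That is why the comparison in `ddc_check` is against a second, independently bootstrapped compiler rather than against a signature on the source.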