Well, I think it is absolutely possible to create a virus and hide it within your pack , that will run a batch job when users download the assets, and every time it detects an upload of those files, it prevents it , and reports to the owner , with the computer’s ip address.
To allow Epic to upload the content to the marketplace , there should be some exception logic , that we can use , maybe based on the site where it is being uploaded , or their ip addresses?
It is just a thought. Not sure if it practical approach