ZKP for Program Verification

I have a question, lets say there is data provider X, who has the data and model provider Y who has the model we need to protect the privacy of both X and Y and there is a middle man Z who is brokering the deal between X and Y in such a way that the entire process is trustless even Z can’t see what’s happening on X and Y end.
So my questions is when Y submits his algorithm on middle man platform Z, how to ensure that the code which Y is providing is not malicious and if malicious how to detect it without actually looking at Z’s code?
Can ZKP serve as a solution or do I have to look for alternative solutions? Can ZKP inside a WASM achieve this?
Can ZKP for Code verification be achieved in a production setting environment?