Comment by n1tro_lab

The scariest part is LiteLLM is a transitive dependency. The person who found it wasn't even using LiteLLM directly, it got pulled in by a Cursor MCP plugin. The supply chain attack surface for AI tooling is massive because these packages get pulled in as dependencies of dependencies and nobody audits transitive installs.