calebjang·il y a 4 mois·discussThis is exactly what worries me about autonomous agents. A compromised package is bad. An agent that autonomously runs pip install with that package is a different problem. The attack surface moves with the agent.