| ▲ | S0y 4 hours ago | |||||||
> Where did the litellm files come from? Do you know which env? Are there reports of this online? > The litellm_init.pth IS in the official package manifest — the RECORD file lists it with a sha256 hash. This means it was shipped as part of the litellm==1.82.8 wheel on PyPI, not injected locally. > The infection chain: > Cursor → futuresearch-mcp-legacy (v0.6.0) → litellm (v1.82.8) → litellm_init.pth This is the scariest part for me. | ||||||||
| ▲ | RALaBarge 3 hours ago | parent [-] | |||||||
Maybe the people who use emacs for everything are the only safe ones? | ||||||||
| ||||||||