via:
Compromised just by starting an MCP Server in Cursor
A malicious litellm release on PyPI compromised our machine through an MCP server's unpinned dependency. No prompt injection, no LLM trickery, just a poisoned package auto-downloaded by uvx.
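A defensive audit for the failure mode described above, as an added example that is not code from the original post. It assumes the `mcpServers` JSON layout used by MCP client configs such as Cursor's `mcp.json`; the server name, versions and dependency list are constructed. Pinning the `uvx` target alone does not pin the server's own dependencies, so the second check looks at the server's declared requirements.

```python
import re

# PEP 508-style requirement: name, optional extras, then the version specifier.
_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*([^;]*)")

def is_exact_pin(spec: str) -> bool:
    """True only for a single '==X.Y.Z' clause with no wildcard."""
    clauses = [c.strip() for c in spec.split(",") if c.strip()]
    return len(clauses) == 1 and bool(re.fullmatch(r"={2,3}\s*[^*\s]+", clauses[0]))

def floating_dependencies(requires: list[str]) -> list[str]:
    """Names of declared dependencies that a fresh resolve may pick a new release for."""
    out = []
    for line in requires:
        m = _REQ.match(line)
        if m and not is_exact_pin(m.group(3)):
            out.append(m.group(1))
    return out

def floating_uvx_servers(config: dict) -> list[str]:
    """MCP servers launched through uvx without a pinned package version."""
    flagged = []
    for name, entry in config.get("mcpServers", {}).items():
        if entry.get("command") != "uvx":
            continue
        args = entry.get("args", [])
        # With --from the package spec follows the flag; otherwise it is the first non-flag argument.
        if "--from" in args and args.index("--from") + 1 < len(args):
            target = args[args.index("--from") + 1]
        else:
            target = next((a for a in args if not a.startswith("-")), "")
        # Pinned means 'pkg==1.2.3' or 'pkg@1.2.3'; '@latest' and wildcards still float.
        if not re.search(r"(==|@)\d[^*]*$", target):
            flagged.append(name)
    return flagged

# Constructed sample data (hypothetical server name and versions).
SAMPLE_CONFIG = {"mcpServers": {
    "pinned": {"command": "uvx", "args": ["example-mcp-server==1.4.2"]},
    "floating": {"command": "uvx", "args": ["example-mcp-server"]},
    "latest": {"command": "uvx", "args": ["--from", "example-mcp-server@latest", "serve"]},
    "node": {"command": "npx", "args": ["-y", "other-server"]},
}}
SAMPLE_REQUIRES = ["litellm>=1.0", "httpx==0.27.0", "pydantic==2.*",
                   "mcp[cli]>=1.2,<2", "anyio==4.4.0 ; python_version >= '3.9'"]

if __name__ == "__main__":
    print(floating_uvx_servers(SAMPLE_CONFIG), floating_dependencies(SAMPLE_REQUIRES))
```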