@oli
https://www.aikido.dev/blog/agent-skills-spreading-hallucinated-npx-commands
tldr: Interesting attack surface by claiming npm package names that LLMs are hallucinating as legit packages.
Though at the end of the day this is all about software supply chain security. Which is often an afterthought.