Letting a glorified lorem ipsum generator have control over anything personal or sensitive is just … what’s wrong with you? You know not of computers?
This is a bog-standard supply chain attack against their skills repository. It's not an LLM-specific attack, and nearly every repository (pip, npm, etc) has been subject to similar malware.