>>skrebb+(OP)
Agreed. This is a standard supply chain attack that has little to do with AI except that it is written in the 'english-as-a-scripting-language' that LLMs execute.
Every repository is vulnerable to this kind of attack, and pip/npm have been attacked in many times in similar ways.