A Neo4j knowledge graph retrieval MCP server was added to PyPI, potentially exposing users to supply chain risks via malicious packages. This impacts developers and organizations relying on PyPI for Python package dependencies, risking unauthorized data access or manipulation.