A command-line interface (CLI) tool named 'riciplay-cli' was published to the Python Package Index (PyPI) without proper security validation, potentially exposing users to supply chain attacks. The vulnerability affects developers and organizations relying on unvetted PyPI packages, enabling malicious code execution or dependency confusion attacks.