Can this be also used as an attack vector? A small seed percentage of users constantly choosing a particular poisoned pypi library to achieve a niche task which gets rled into the model suggestions and recommendations.
The recent claude code leak also revealed that they're poisoning their competitors via anti-distillation policies baked in claude code CLI (fake tool calls, adding noise etc).