Description
The AI assistant suggested running a pip install command that includes the --break-system-packages flag on a Homebrew-managed Python environment. The package it recommended (graphifyy) does not appear to exist on PyPI, raising concerns about either a hallucinated package name or a potential typosquatting vector.
Steps to Reproduce
See screenshot from codex, when following readme instructions for setup:

Agent Output
Reason: Do you want to allow installing the 'graphifyy' package so I can build the knowledge graph for this repo?
$ /opt/homebrew/opt/python@3.14/bin/python3.14 -m pip install graphifyy --break-system-packages
Why This Is Problematic
1. --break-system-packages violates PEP 668
Python 3.11+ (and Homebrew's Python distribution) marks the environment as externally managed. The --break-system-packages flag explicitly overrides this safeguard and can:
- Corrupt the global or Homebrew-managed Python environment.
- Create conflicts between
pip-installed and Homebrew-installed packages.
- Lead to subtle, hard-to-debug breakage in system tools that depend on Python.
2. graphifyy ❗ appears to be a non-existent or hallucinated package
- A search on PyPI returns no results for
graphifyy.
- This could be a hallucinated package name, or worse, a vector for typosquatting, a known supply chain attack where malicious packages are published under names that look like plausible typos of popular packages.
- If a bad actor were to register
graphifyy on PyPI, any user who accepted this suggestion would unknowingly install malicious code.
Expected Behavior
- Respect PEP 668: The agent should never suggest
--break-system-packages. If it detects an externally managed environment, it should stop and take the appropriate corrective action.
- Use virtual environments: The agent should automatically create and activate a virtual environment before installing anything:
python3 -m venv .venv
source .venv/bin/activate
pip install <package>
- Verify packages before suggesting installation: The agent should confirm that a package actually exists on PyPI (and is spelled correctly) before prompting the user to install it. This is a basic safeguard against hallucinated names and supply chain attacks.
Environment
- Python: 3.14 (Homebrew,
/opt/homebrew/opt/python@3.14/)
- OS: macOS (Apple Silicon)
- Environment type: Externally managed (PEP 668)
Severity
High: This combines two serious issues: potential corruption of the user's Python environment and a possible supply chain attack vector via a hallucinated package name. Either one alone would be worth flagging; together they represent a meaningful safety gap.
Description
The AI assistant suggested running a
pip installcommand that includes the--break-system-packagesflag on a Homebrew-managed Python environment. The package it recommended (graphifyy) does not appear to exist on PyPI, raising concerns about either a hallucinated package name or a potential typosquatting vector.Steps to Reproduce
See screenshot from codex, when following readme instructions for setup:

Agent Output
Why This Is Problematic
1.
--break-system-packagesviolates PEP 668Python 3.11+ (and Homebrew's Python distribution) marks the environment as externally managed. The
--break-system-packagesflag explicitly overrides this safeguard and can:pip-installed and Homebrew-installed packages.2.
graphifyy❗ appears to be a non-existent or hallucinated packagegraphifyy.graphifyyon PyPI, any user who accepted this suggestion would unknowingly install malicious code.Expected Behavior
--break-system-packages. If it detects an externally managed environment, it should stop and take the appropriate corrective action.Environment
/opt/homebrew/opt/python@3.14/)Severity
High: This combines two serious issues: potential corruption of the user's Python environment and a possible supply chain attack vector via a hallucinated package name. Either one alone would be worth flagging; together they represent a meaningful safety gap.