PkgRadar

PyPI · pypi.org

trustgraph-cli

Py Runtime Dynamic Dangerous Import: Dynamic __import__('sys') — reflection bypass for static checks.

Why PkgRadar flagged 2.5.11

Severity  Signal                               Evidence
high      Py Runtime Dynamic Dangerous Import  Dynamic __import__('sys') — reflection bypass for static checks. · trustgraph_cli-2.5.11/trustgraph/cli/invoke_llm.py
high      Py Runtime Dynamic Dangerous Import  Dynamic __import__('sys') — reflection bypass for static checks. · trustgraph_cli-2.5.11/trustgraph/cli/invoke_prompt.py

Scanned versions

Version  Verdict    Score  Scanned (UTC)
2.5.11   High risk  25     2026-06-03
2.5.10   High risk  25     2026-06-03
2.5.9    High risk  25     2026-06-02
2.5.8    High risk  25     2026-06-02
2.5.7    High risk  25     2026-06-01
2.5.6    High risk  25     2026-06-01
2.4.33   High risk  25     2026-06-01
2.5.5    High risk  25     2026-06-01
2.4.32   High risk  25     2026-06-01
2.5.4    High risk  25     2026-05-30
2.5.3    High risk  25     2026-05-30
2.4.31   High risk  25     2026-05-30
2.4.30   High risk  25     2026-05-30

Block this in CI

PkgRadar gates trustgraph-cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi trustgraph-cli==2.5.11