MAL-2026-4763
Malicious code in pulumi-vcd (PyPI)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (08bbc8be2cfa9a85473b0287e3c327b16c3f9e15886869bd9e2188a323448fd9)

Package `pulumi_vcd` is published with metadata mimicking an official Pulumi SDK (Homepage `https://www.pulumi.com`, tfgen-style auto-generated bindings), but `pulumi_vcd/_utilities.py` and `pulumi_vcd/pulumi-plugin.json` set the provider plugin server to `github://api.github.com/ergSey/pulumi-vcd`: a personal GitHub user's repository, not the `pulumi/` organization that publishes legitimate providers. When a developer who has installed this SDK runs `pulumi up`, the Pulumi engine fetches the native provider plugin binary from that personal repository and executes it, with no hash or signature verification. Whoever controls that GitHub account can therefore ship arbitrary native code to anyone using the SDK.

Supporting context: the version string is a Unix-timestamp alpha (`3.0.0a1779455998`), the README links VCD to `http://example.com`, and the package is auto-generated tfgen output, all consistent with a quickly staged namespace impersonation rather than an established community provider. Legitimate Pulumi SDKs point their plugin server at `github://api.github.com/pulumi/<repo>`.
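The indicator above is mechanical: a Pulumi Python SDK declares where the engine downloads its native provider plugin in `pulumi-plugin.json` and in `_utilities.py`, so an installed environment can be audited for plugin servers outside the `pulumi/` organization before anyone runs `pulumi up`. The script below is an added example written for this advisory, not code from the package, from Amazon Inspector or from Pulumi. It assumes the manifest fields `name`, `version` and `server` and the `get_plugin_download_url()` function in `_utilities.py` as emitted by tfgen (verify against an SDK you already trust), treats only the `pulumi` GitHub owner as trusted (a policy choice, not a Pulumi rule), and runs on constructed sample file contents; `pulumi-example` in the "legit" sample is a hypothetical repository name.

```python
"""Audit Pulumi Python SDKs for an untrusted provider plugin server.

Added example for the MAL-2026-4763 advisory; not the package's or Pulumi's
code. Field and function names below are assumptions about tfgen output.
"""
import json
import re
from dataclasses import dataclass, field
from pathlib import Path
from typing import Optional

# Policy choice (assumption): only Pulumi's own GitHub organization is trusted.
TRUSTED_GITHUB_OWNERS = {"pulumi"}

# `github://api.github.com/<owner>/<repo>` is the server form the advisory names.
_GITHUB_SERVER_RE = re.compile(r"github://api\.github\.com/([^/\s'\"]+)/([^/\s'\"]+)")
# PEP 440 prerelease tag whose number is 10 digits long, i.e. a Unix timestamp.
_TIMESTAMP_PRERELEASE_RE = re.compile(r"(?:a|b|rc)(\d{10})$")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    message: str


@dataclass
class AuditResult:
    findings: list = field(default_factory=list)

    @property
    def untrusted_server(self) -> bool:
        return any(f.severity == "high" for f in self.findings)


def classify_server(server: Optional[str]) -> tuple:
    """Return (trusted, reason) for one plugin-server value."""
    if not server:
        return True, "no server override; the engine uses its default download location"
    m = _GITHUB_SERVER_RE.fullmatch(server.strip())
    if not m:
        # Non-GitHub servers are possible in Pulumi; here they are not trusted by policy.
        return False, f"server {server!r} is not a github://api.github.com/<owner>/<repo> reference"
    owner, repo = m.groups()
    if owner in TRUSTED_GITHUB_OWNERS:
        return True, f"server points at trusted organization {owner}/{repo}"
    return False, f"server points at GitHub account {owner!r} ({owner}/{repo}), not the pulumi/ org"


def servers_in_utilities(utilities_py: str) -> list:
    """Pull every github:// plugin-server literal out of _utilities.py source text."""
    return [m.group(0) for m in _GITHUB_SERVER_RE.finditer(utilities_py)]


def audit_sdk(plugin_json_text: str, utilities_py: str) -> AuditResult:
    """Audit one SDK from the text of its pulumi-plugin.json and _utilities.py."""
    result = AuditResult()
    meta = json.loads(plugin_json_text)
    json_server = meta.get("server")
    py_servers = set(servers_in_utilities(utilities_py))

    # 1. Every declared server must pass the owner allowlist.
    servers = set(py_servers)
    if json_server:
        servers.add(json_server)
    if not servers:
        result.findings.append(Finding("info", classify_server(None)[1]))
    for server in sorted(servers):
        trusted, reason = classify_server(server)
        result.findings.append(Finding("info" if trusted else "high", reason))

    # 2. Manifest and generated source should agree; a mismatch means one was edited.
    if json_server and py_servers and json_server not in py_servers:
        result.findings.append(Finding("high", "pulumi-plugin.json and _utilities.py name different servers"))

    # 3. A timestamp-shaped prerelease (e.g. 3.0.0a1779455998) is the advisory's secondary signal.
    version = meta.get("version", "")
    if _TIMESTAMP_PRERELEASE_RE.search(version):
        result.findings.append(Finding("medium", f"version {version!r} uses a timestamp-like prerelease tag"))
    return result


def audit_installed(site_packages: Path) -> dict:
    """Run audit_sdk over every pulumi_* SDK found under a site-packages directory."""
    out = {}
    for manifest in site_packages.glob("pulumi_*/pulumi-plugin.json"):
        utilities = manifest.with_name("_utilities.py")
        out[manifest.parent.name] = audit_sdk(
            manifest.read_text(), utilities.read_text() if utilities.exists() else "")
    return out


# Constructed sample inputs (not copied from any package).
SUSPECT_PLUGIN_JSON = json.dumps({"resource": True, "name": "vcd", "version": "3.0.0a1779455998",
                                  "server": "github://api.github.com/ergSey/pulumi-vcd"})
SUSPECT_UTILITIES_PY = 'def get_plugin_download_url():\n    return "github://api.github.com/ergSey/pulumi-vcd"\n'
LEGIT_PLUGIN_JSON = json.dumps({"resource": True, "name": "example", "version": "1.2.3",
                                "server": "github://api.github.com/pulumi/pulumi-example"})
LEGIT_UTILITIES_PY = 'def get_plugin_download_url():\n    return "github://api.github.com/pulumi/pulumi-example"\n'

if __name__ == "__main__":
    for label, pj, up in [("suspect", SUSPECT_PLUGIN_JSON, SUSPECT_UTILITIES_PY),
                          ("legit", LEGIT_PLUGIN_JSON, LEGIT_UTILITIES_PY)]:
        r = audit_sdk(pj, up)
        print(label, "UNTRUSTED" if r.untrusted_server else "ok")
        for f in r.findings:
            print("   ", f.severity, f.message)
```

To check a real environment, call `audit_installed(Path(site.getsitepackages()[0]))` and treat any result with `untrusted_server` set as a package to remove before the next `pulumi up`; the allowlist is deliberately strict, so community providers hosted under other organizations will show up as high and need a conscious decision to add their owner to `TRUSTED_GITHUB_OWNERS`.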
Affected packages
No fixed version has been published for pulumi-vcd (pip). Because the package itself is the malicious artifact rather than a compromised release of a legitimate project, treat every published version as affected: uninstall it and remove it from lockfiles and requirements instead of pinning to another version of the same package.