Metadata-Version: 2.4
Name: query-profile
Version: 0.0.2
Summary: DEPENDENCY CONFUSION POC v0.0.2 — PoC with callback. Claimed to demonstrate the attack surface in Apple's ml-health-query-profiles.
Author: L0bo
License: MIT
Requires-Python: >=3.10
Description-Content-Type: text/markdown

# query-profile

**⚠️ DEPENDENCY CONFUSION PROOF OF CONCEPT ⚠️**

This package name (`query-profile`) was identified as **unclaimed on PyPI** while being directly referenced in Apple's official open-source repository:

- **Repository**: [apple/ml-health-query-profiles](https://github.com/apple/ml-health-query-profiles)
- **Affected file**: [docs/TUTORIAL.md](https://github.com/apple/ml-health-query-profiles/blob/HEAD/docs/TUTORIAL.md)
- **Issue**: The tutorial instructs users to run `pip install query-profile`, but Apple never published this package to PyPI.

This package is a **harmless proof of concept** — it does nothing except demonstrate that the package name was unclaimed and could be registered by an attacker. In a real attack, a malicious package under this name could:

- Steal OpenAI/Anthropic/Azure API keys
- Exfiltrate sensitive health query data
- Install backdoors or persistence mechanisms
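
A documentation check that catches this class of issue before release, as an added example (not code from this package or from the referenced repository): it extracts every `pip install` target from doc text and reports names missing from a set the maintainers have verified as registered. The function names, the sample `DOC` text and the verified-name set are constructed for illustration.

```python
import re

# Options whose value is the next token, so that token is not a package name.
OPTS_WITH_VALUE = {"-r", "--requirement", "-c", "--constraint", "-e", "--editable",
                   "-i", "--index-url", "--extra-index-url", "-f", "--find-links",
                   "-t", "--target"}
# Matches "pip install ...", "pip3 install ..." and "python -m pip install ...".
PIP_CMD = re.compile(r"\bpip3?\s+install\s+([^\n`|;&#]+)")
REQ_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")

def normalize(name: str) -> str:
    """PEP 503: runs of '-', '_', '.' are equivalent; names are case-insensitive."""
    return re.sub(r"[-_.]+", "-", name).lower()

def pip_install_targets(doc_text: str) -> set[str]:
    """Return normalized index package names that the docs tell users to install."""
    names, skip = set(), False
    for cmd in PIP_CMD.finditer(doc_text):
        for tok in cmd.group(1).split():
            if skip:                       # value of the preceding option
                skip = False
                continue
            if tok.startswith("-"):
                skip = tok in OPTS_WITH_VALUE
                continue
            tok = tok.strip("'\"")
            if "/" in tok or tok.startswith("."):
                continue                   # local path or URL, not an index name
            m = REQ_NAME.match(tok)        # drops extras and version specifiers
            if m:
                names.add(normalize(m.group(1).rstrip("._-")))
    return names

def unpublished(doc_text: str, verified_names: set[str]) -> list[str]:
    """Names the docs reference that are not in the verified-as-registered set."""
    return sorted(pip_install_targets(doc_text) - {normalize(n) for n in verified_names})

# Constructed sample documentation, modelled on the tutorial line described above.
DOC = """\
Install the library:

    pip install query-profile

Optional extras: `python -m pip install "Query_Profile[viz]>=0.1" numpy`
From a checkout: pip install -e ./src -r requirements.txt
"""

if __name__ == "__main__":
    print(unpublished(DOC, {"numpy"}))
```

Run in CI over the docs tree, any name it reports should either be registered by the project or removed from the instructions before the documentation ships.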

---

*This package was published for responsible disclosure purposes only. No malicious code is included.*
