A backdoor in a LinkedIn job offer

A LinkedIn recruiter sent a job applicant a GitHub repo with a backdoor that triggered when the applicant installed dependencies, and the applicant discovered the backdoor using a read-only agent.