The latest version with the the pth file doesn't require an import to trigger the exploit (just having the package installed is enough thanks to [1]).
replyThe previous version triggers on `import litellm.proxy`
Again, all according to the issue OP.