Trusted Package

You are a PyPI package maintainer who has recently adopted the new, more secure publishing method called 'Trusted publishing'. However, when you wake up one morning, you find out that your latest release has been compromised and you must follow a series of cryptic clues to discover who the culprit is and stop them from causing even more damage.