When such a library is used in production code, that's on the person who chose to use it in production, not on the original author of the library.
You are responsible for the code you ship; it doesn't matter whether it's written by you, an LLM, or whether it's a third-party dependency.
While that is certainly true, we could also be nice and reduce the workload of someone reviewing their dependencies and write it down in the readme.