A Web3 professional believed caution was sufficient; this vulnerability is genuinely scary and unfamiliar to many developers

Treat untrusted repos like malware. Open in restricted mode. Inspect .vscode/ before trusting anything 🙏