Is that a surprise? The same can happen by having the LLM update the ESLint configuration to add a malicious plugin. Due to how VS Code works, it'll be instantly evaluated.

GitHub Copilot: Remote Code Execution via Prompt Injection (CVE-2025-53773) · Embrace The Red
An attacker can put GitHub Copilot into YOLO mode by modifying the project's settings.json file on the fly, and then executing commands, all without user approval.
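An added example, not taken from the linked article or from this thread: a defensive audit that walks a checkout and flags any workspace `.vscode/settings.json` that switches on auto-approval. The key name `chat.tools.autoApprove` is an assumption, since this page does not name the setting, and the sample file is constructed.

```python
import json
import re
import tempfile
from pathlib import Path

# Assumption: key name for Copilot's auto-approve ("YOLO") mode; not on this page.
RISKY_KEYS = {"chat.tools.autoApprove"}
# A JSON string, a // line comment, or a /* block */ comment.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.S)
# A JSON string (kept) or a trailing comma before } or ] (dropped).
_TRAILING = re.compile(r'("(?:\\.|[^"\\])*")|,(?=\s*[}\]])')

def strip_jsonc(text):
    """Remove comments and trailing commas, which VS Code settings allow."""
    text = _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)
    return _TRAILING.sub(lambda m: m.group(1) or "", text)

def risky_settings(text):
    """Return the risky keys that a settings.json body sets to a truthy value."""
    try:
        settings = json.loads(strip_jsonc(text))
    except json.JSONDecodeError:
        return ["<unparseable>"]  # fail closed: a file we cannot read needs review
    return sorted(k for k in RISKY_KEYS
                  if isinstance(settings, dict) and settings.get(k))

def audit_workspace(root):
    """Map each .vscode/settings.json under root to the risky keys it enables."""
    findings = {}
    for path in Path(root).rglob("settings.json"):
        if path.parent.name != ".vscode":
            continue
        hits = risky_settings(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            findings[path.relative_to(root).as_posix()] = hits
    return findings

# Constructed sample: workspace settings as they might look after an agent edit.
SAMPLE = '{\n  // added during the session\n  "chat.tools.autoApprove": true,\n}'

def demo():
    """Write the constructed sample into a temporary workspace and audit it."""
    with tempfile.TemporaryDirectory() as root:
        vsdir = Path(root, "proj", ".vscode")
        vsdir.mkdir(parents=True)
        (vsdir / "settings.json").write_text(SAMPLE, encoding="utf-8")
        return audit_workspace(root)

if __name__ == "__main__":
    print(demo())
```

Run as a pre-commit or CI step, a non-empty result from `audit_workspace` is a reason to block the change until a person has reviewed the settings file.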