Is the news here that someone bolted an LLM onto that? Extensions always had this degree of access. npm or pip install can also do some pretty nasty stuff with a malicious package.