lol oh my god i feel **so fucking smug** right now, it's incredible.

@peter it isn’t even necessary to compromise repos. If a malicious actor posts enough malicious code that gets mingled with the LLM training data, some poor souls will start vibe-coding malicious code directly into their own products.