Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.

GitHub has added Claude and OpenAI Codex as native AI coding agents that work directly in repos, issues, and pull requests.