GitHub’s disclosure of a poisoned VS Code extension used to exfiltrate internal repositories marks a live supply-chain compromise that extends far beyond a single employee endpoint. The attacker leveraged the extension’s privileged access to source-control workflows, a pattern consistent with prior marketplace abuses where unsigned or minimally vetted updates slip through automated review pipelines. Unlike earlier incidents such as the 2021 Codecov bash uploader compromise or the 2023 npm package hijacks, this attack directly targeted a Microsoft-maintained marketplace whose trust assumptions rest on publisher reputation rather than runtime attestation or behavioral sandboxing. GitHub’s statement correctly notes secret rotation and repository exfiltration but omits any discussion of extension signing gaps, update-channel integrity, or the absence of mandatory code-signing enforcement for high-privilege extensions. Cross-referencing Microsoft’s own 2024 VS Code security whitepaper and the NIST Secure Software Development Framework reveals that extension publishers still operate under a “trust on first use” model that has repeatedly failed at scale. The incident therefore functions as a stress test for the entire developer-tool ecosystem: once an extension gains workspace and git credentials, lateral movement to corporate repositories becomes trivial. Persistent weaknesses in marketplace governance, rather than any single actor’s tradecraft, remain the decisive vulnerability.