#1 Mention risks with Market Place supply chain attacks?

Open
dfr opened 2 years ago · 0 comments

When users are enabled with arbitrary code install they must be warned about the consequences of installing extensions without first reviewing them, especially if the extensions involve connecting with SSH to the clusters. See [this article](https://www.developer-tech.com/news/2023/jan/09/visual-studio-marketplace-supply-chain-attack-vector/) for a general description of the risks associated with the Market Place and [this one](https://blog.checkpoint.com/securing-the-cloud/malicious-vscode-extensions-with-more-than-45k-downloads-steal-pii-and-enable-backdoors/) for a quantitative analysis.