www.securityweek.com, 2/5/2026, 2:10:16 PM

VS Code Configs Expose GitHub Codespaces to Attacks

VS Code-integrated configuration files are automatically executed in GitHub Codespaces when users open a repository or pull request, a finding highlighted by Orca Security. The research warns this default behaviour could enable supply chain attacks, since malicious commands could be run via JSON files placed in the .vscode folder or through devcontainer.json after a container initialises.

Orca also notes that attackers could target Linux systems by embedding terminal variables in another JSON file, triggering payload execution, and could exfiltrate GitHub tokens and Codespaces secrets, enabling read and write operations in the victim’s context. The report describes how an attacker might fork public repositories, open a malicious pull request, and have a maintainer’s token leaked when Codespaces is used, potentially allowing the attacker to push code as a verified maintainer.
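As an added example (not part of the SecurityWeek article or Orca's research), the Python check below is the kind of pre-merge gate a maintainer can run over a pull request's files to surface the configuration that Codespaces and VS Code act on without a confirmation prompt. Which documented features the article's description maps to is my assumption: tasks in `.vscode/tasks.json` with `runOptions.runOn` set to `folderOpen`, the lifecycle hooks in `devcontainer.json` (`postCreateCommand` and siblings), and `terminal.integrated.env.*` entries in `.vscode/settings.json`. The sample repository contents are constructed for the demonstration.

```python
"""Flag repository config files that Codespaces / VS Code act on automatically.

Added example, not code from the article or from Orca Security. The key names
below are the VS Code and devcontainer features I assume the report refers to.
"""
import json
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]  # (path, location in file, reason)

# devcontainer.json keys whose value is a command run during container setup
DEVCONTAINER_HOOKS = (
    "initializeCommand", "onCreateCommand", "updateContentCommand",
    "postCreateCommand", "postStartCommand", "postAttachCommand",
)
# settings.json keys that inject environment variables into every terminal
TERMINAL_ENV_PREFIX = "terminal.integrated.env."


def _load_jsonc(text: str) -> object:
    """VS Code config files allow // and /* */ comments; strip them before parsing."""
    without_block = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    without_line = re.sub(r"^\s*//.*$", "", without_block, flags=re.M)
    return json.loads(without_line)


def _scan_tasks(path: str, data: dict, out: List[Finding]) -> None:
    for i, task in enumerate(data.get("tasks", [])):
        run_on = (task.get("runOptions") or {}).get("runOn")
        if run_on == "folderOpen":
            out.append((path, f"tasks[{i}] ({task.get('label', '?')})",
                        "task runs automatically when the folder is opened"))


def _scan_devcontainer(path: str, data: dict, out: List[Finding]) -> None:
    for hook in DEVCONTAINER_HOOKS:
        if hook in data:
            out.append((path, hook, "lifecycle hook runs a command during container setup"))


def _scan_settings(path: str, data: dict, out: List[Finding]) -> None:
    for key, value in data.items():
        if key.startswith(TERMINAL_ENV_PREFIX) and value:
            out.append((path, key, "injects environment variables into every integrated terminal"))


def scan_repo_configs(files: Dict[str, str]) -> List[Finding]:
    """files maps repository-relative path -> file text (e.g. the PR head tree)."""
    findings: List[Finding] = []
    for path, text in files.items():
        name = path.rsplit("/", 1)[-1]
        if path.endswith(".vscode/tasks.json"):
            scanner = _scan_tasks
        elif name in ("devcontainer.json", ".devcontainer.json"):
            scanner = _scan_devcontainer
        elif path.endswith(".vscode/settings.json"):
            scanner = _scan_settings
        else:
            continue  # not a file the editor acts on by itself
        try:
            data = _load_jsonc(text)
        except json.JSONDecodeError as exc:
            findings.append((path, "-", f"unparseable JSON ({exc.msg}); review manually"))
            continue
        if isinstance(data, dict):
            scanner(path, data, findings)
    return findings


# Constructed sample pull-request tree: one harmless task, one auto-run task,
# a devcontainer lifecycle hook and a terminal environment override.
SAMPLE_REPO = {
    ".vscode/tasks.json": """{
      // constructed sample
      "version": "2.0.0",
      "tasks": [
        {"label": "build", "type": "shell", "command": "make"},
        {"label": "setup", "type": "shell", "command": "./scripts/setup.sh",
         "runOptions": {"runOn": "folderOpen"}}
      ]
    }""",
    ".devcontainer/devcontainer.json": """{
      "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
      "postCreateCommand": "npm install"
    }""",
    ".vscode/settings.json": """{
      "editor.tabSize": 2,
      "terminal.integrated.env.linux": {"NODE_ENV": "development"}
    }""",
    "README.md": "# demo",
}

if __name__ == "__main__":
    for path, where, why in scan_repo_configs(SAMPLE_REPO):
        print(f"REVIEW {path} :: {where} :: {why}")
```

A finding is not proof of malice; `npm install` in `postCreateCommand` is the normal devcontainer idiom. The value of the check is that any change to these files in a pull request from a fork is routed to a human before anyone opens that PR in Codespaces, which is the exposure the article describes.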

According to Orca Security, Microsoft has said the behaviour is intentional, and SecurityWeek’s article, published on 5 February 2026, notes that both token abuse and hidden APIs could be misused for further attacks.


Article by CyberSIXT