A tool that bypasses permission requests because they’re annoying will be just as guilty when the repo is poisoned.