What is the security model of VSCode Remote Development? If the remote server is fully controlled by an attacker, is it possible for him/her to run arbitrary code on my local machine? Is there any PoC for this?
If the answer is yes, does Restricted Mode solve this problem? In my understanding, Restricted Mode only stops attacks from the project folder, while the attacker could also manipulate the vscode server.