core

Verified Safe

by opensumi

Overview

An extensible IDE framework for building web-based, desktop (Electron), and AI-native development environments, providing core UI components like message notifications and modal dialogues.

Installation

Run Command
node packages/startup/dist-node/server/server.js

Environment Variables

  • NODE_ENV
  • PORT
  • MY_WORKSPACE
  • EXTENSION_HOST_ENTRY
  • WATCHER_HOST_ENTRY
  • WS_PATH
  • WEBVIEW_HOST
  • STATIC_SERVER_PATH
  • KTLOG_SHOW_DEBUG
  • PTY_PROXY_SOCK

Security Notes

The framework makes extensive use of `new Function()` to load and activate extensions (e.g., in `ext.host.ts`, `worker.host.ts`, `webview-manager.ts`). This is a common pattern for extensible IDEs like VSCode, but it means the runtime executes code from extensions, so installed extensions require a high degree of trust. Webviews are sandboxed, but the `allow-same-origin` permission could be a concern if coupled with other vulnerabilities. Development/CLI server configurations (e.g., `tools/dev-tool/src/server.ts`, `tools/cli-engine/src/node/server.ts`) use broad network access policies (`staticAllowOrigin: '*'`, open CORS), which are acceptable for local development but would be risky in a broadly exposed production environment. A sensitive `GITHUB_TOKEN` is used for changelog generation (a development task) but is handled via environment variables. `keytar` is used for secure credential storage (good practice).

Stats

  • Interest Score: 100
  • Security Score: 5
  • Cost Class: Medium
  • Avg Tokens: 50
  • Stars: 3590
  • Forks: 445
  • Last Update: 2026-01-15

Tags

  • IDE Framework
  • Web IDE
  • Desktop IDE
  • TypeScript
  • React
  • UI Components
  • AI Native
  • Extensible