This is another one of those, IDE/tooling doing more than you expect issues. In Rust you have #[proc_macro]s which are functions that are executed at compile time. The issue here is that the Rust-Analyzer, a common Language Server protocol implementation (used by the Rust plugin on VSCode) will expand these macros when analyzing the code also, creating an opportunity to, as in this PoC’s case, exfiltrate data.