Yes, but it should be fairly easy to "simply" attack the common technologies that LLMs keep parroting. NextJS, or some Rust tools, or whatever other tools LLMs "love" using, are all great targets.

Once millions of completely unskilled developers have "workflows" that consist of asking an LLM to make a thing, followed by those LLMs pulling in the same 100 (often outdated versions of) dependencies, you have a beautiful attack vector.

Yes, it's "easy" to attack something like Obsidian. It's probably easier to attack a couple hundred dependencies LLMs like to use, or to test what LLMs commonly do to implement things from scratch, and attack those weaknesses.

We are just lucky that enough real, smart people engineered things that actually work, are well understood, and keep us safe, like firewalls.