The attack surface that makes this particularly nasty is that VSCode extensions run with the same trust level as the editor itself, and most developers have dozens installed without reviewing their permissions. A malicious or compromised extension silently exfiltrating GitHub tokens is undetectable without network monitoring. This is a good argument for running extensions in isolated profiles.

> is undetectable without network monitoring

Even with network monitoring, exfil to GitHub itself can be very hard to stop unless you SSL intercept and have very strict URL allow lists.

Best is to move away from GitHub, move to self-hosted internal GitLab/Forgejo and block GitHub completely.