[ssgodderidge]

The original report by the developer, Khan, mentions that github:cline/cline would also work[0].

> github:cline/cline#aaaaaaaa could point to a commit in a fork with a replaced package.json containing a malicious preinstall script.

[0] https://adnanthekhan.com/posts/clinejection/#the-prompt-inje...