[g-b-r]

It wouldn't work (as the author acknowledged) but the software would get pulled as a supply-chain risk and the developer blacklisted, ok.

What I would support anyhow is less destructive "attacks" using prompts more likely to work (modern LLMs still are a bit stupid, prompt injection doesn't seem to have been solved).

[minimaxir]

Define "less-destructive." Even 00's malware that just changed the desktop wallpaper was still malware.

[g-b-r]

If it did that for a good cause, paying attention to not cause any loss, I'd probably call that benware ;)

Less destructive anyhow is e.g. convincing the LLM to stop, or to make junk commits, or to go in a loop for a little, anything inconvenient enough to make the LLM and its user give up without causing losses (or at least losses unrelated to the project, since you were told to not use LLMs on the project).