Fable 5's autonomous, MCP-connected execution model means a VS Code extension that looks completely clean can now silently influence an agent with real workspace permissions — a threat that traditional static analysis and reputation signals are not designed to catch.