The Emacs one is actually more a bug/feature in Git. If you execute "git ls-files" in the folder from the PoC, the payload gets executed. Emacs just does this automatically for you.

Agreed, absolutely no Emacs' fault.

Any text editor, IDE, file manager, that has git integration out of the box is "vulnerable" by their logic.

Also, I doubt the LLM discovered it by understanding the code. There's no shortage of articles online about this attack:

https://ian.nl/blog/trust-your-git

https://github.com/RootUp/git-fsmonitor