Client side code execution

The extension uses execa version 1.0.0 for various git-related tasks.

In this version, preferLocal defaults to true, which means that the extension searches for the git binary within the local project path. Because of this, we can construct a repository which will execute arbitrary commands when the extension tries to invoke git.

The fix would be to set preferLocal: false here.
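
A complementary hardening to the preferLocal: false fix, as an added example (not the extension's code): resolve git to an absolute path using only PATH entries outside the opened workspace, then pass that path to execa. The function names and the temporary directory layout are constructed for illustration, and a POSIX-style executable check is assumed.

```javascript
// Added example: names and sample layout are constructed, not from the extension.
const fs = require('fs');
const os = require('os');
const path = require('path');

// True when `child` is `parent` itself or lies beneath it.
function isInside(parent, child) {
  const rel = path.relative(parent, child);
  if (rel === '') return true;
  return rel !== '..' && !rel.startsWith('..' + path.sep) && !path.isAbsolute(rel);
}

// Resolve `name` to an absolute path using only PATH entries that are
// absolute and outside the workspace. Returns null when nothing qualifies.
function resolveTrustedBinary(name, envPath, workspaceRoot) {
  const root = fs.realpathSync(workspaceRoot);
  for (const entry of envPath.split(path.delimiter)) {
    if (!entry || !path.isAbsolute(entry)) continue; // "" and "." mean cwd
    let dir;
    try { dir = fs.realpathSync(entry); } catch { continue; } // missing dir
    if (isInside(root, dir)) continue; // content of the opened repository
    const candidate = path.join(dir, name);
    try {
      fs.accessSync(candidate, fs.constants.X_OK);
      if (fs.statSync(candidate).isFile()) return candidate;
    } catch { /* not in this directory, try the next entry */ }
  }
  return null;
}

// Constructed demo: a workspace that ships its own "git" next to a system dir.
function demo() {
  const base = fs.realpathSync(fs.mkdtempSync(path.join(os.tmpdir(), 'pl-')));
  const workspaceBin = path.join(base, 'repo', 'bin');
  const systemBin = path.join(base, 'usr', 'bin');
  for (const dir of [workspaceBin, systemBin]) {
    fs.mkdirSync(dir, { recursive: true });
    fs.writeFileSync(path.join(dir, 'git'), '#!/bin/sh\n', { mode: 0o755 });
  }
  // Workspace directory listed first, as when local paths are preferred.
  const envPath = [workspaceBin, '.', systemBin].join(path.delimiter);
  const resolved = resolveTrustedBinary('git', envPath, path.join(base, 'repo'));
  // Caller would then run: execa(resolved, args, { preferLocal: false })
  return { resolved, expected: path.join(systemBin, 'git'), workspaceBin };
}
```

Treat a null result as an error rather than falling back to the bare name git, since a bare name would be looked up through PATH again.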