And didn’t mean to be snarky—but it’s probably a good thing they didn’t just name the plugins in the headline as avoiding them by name isn’t the solution here…

Did you try reading it?

It enables malicious versions of legitimate Obsidian plugins (‘Shell Commands’ and ‘Hider’) that are present in the shared vault.

Note these are deliberately altered versions, not the originals.

Pretty sure this is kind of how lots of memory works in general—very spatially oriented and you can use that to your advantage. Look up ‘memory palace’ for example.

It does—portable app too.