From 7e708dc8716b5744e04933b1b9a5c5f910f593cd Mon Sep 17 00:00:00 2001 From: Tamado Ramot Sitohang <7479638+ramottamado@users.noreply.github.com> Date: Sun, 17 Sep 2023 22:08:39 +0700 Subject: [PATCH] Update README.md, add warning --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 50b3d96..db97f1a 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,9 @@ +# POTENTIAL SECURITY BREACH + +This extension enables arbitrary code execution via `Eval()` dbus method. This means when you enable this extension, malicious apps, extensions or scripts can call the said dbus method and run malicious GJS codes on your machine. + +The extension at https://extensions.gnome.org/extension/5952/eval-gjs/ was not uploaded nor maintained by me. **Please refrain from installing this extension at all.** + # Eval GJS GNOME Shell Extension As of GNOME 41, the dbus method `Eval()` is now restricted with `MetaContext:unsafe-mode` property (see this [commit](https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1970/diffs?commit_id=f42df5995e08a89495e2f59a9ed89b5c03369bf8)). This extension provides unrestricted `Eval()` dbus method for running arbitrary code in the compositor. @@ -23,4 +29,4 @@ gdbus call \ --dest org.gnome.Shell \ --object-path /dev/ramottamado/EvalGjs \ --method dev.ramottamado.EvalGjs.Eval "Main.overview.show();" -``` \ No newline at end of file +```
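Review bot: In the second added paragraph of the README.md hunk at `@@ -1,3 +1,9 @@`, "Please refrain from installing this extension at all" follows directly after the sentence about the extensions.gnome.org upload, so it is unclear whether the advice covers only that third-party upload or this repository's code as well. The first added paragraph ("when you enable this extension") suggests it covers both. State the scope explicitly. If it covers both, also qualify the unchanged usage section, since the `gdbus call ... --method dev.ramottamado.EvalGjs.Eval` example still reads as a recommendation to run it. The heading "POTENTIAL SECURITY BREACH" describes a standing risk rather than an incident. A heading such as "Security warning", placed under the existing `# Eval GJS GNOME Shell Extension` title instead of as a second top-level heading above it, would be more accurate and keep the project name first. Wording nits: "was not uploaded nor maintained by me" should read "was neither uploaded nor maintained by me", and "malicious GJS codes" should read "malicious GJS code".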