A single config file in a cloned repository could steal your AWS credentials through Amazon Q Developer