aye - the biggest risk here is that rather than pulling in some standard lib for validating email addresses an engineer may use the copilot suggestion and validate it against a few simple test cases.

Curiously an attacker could probe services for use of the invalid suggestions that copilot generates....