Technical details:
"The plugin does not authenticate the request, which means that the attacker can insert another memberId (aka the victim) and get a code that represents the victim. With that code, he can use ChatGPT and access the GitHub of the victim."
Actually, the CVE-2023-283131 vulnerability was published with the full details just two days ago. In April Expo published a short post but without too much technical information.
You can find more details about CVE-2023-283131 in the link I shared here:
with challenges that very similar to the problems you described. But it will take a few weeks to be ready.
For your question:
Maybe they undervalue a well design code because it's hard to be measured. At the end of the day, you judge them based on their tasks and not quality. Try to give them a motivation to think like architects.
What would happen if you ask them to be reviewed by a team member, before pushing it to your review?