cross-posted from: https://lemmy.zip/post/27055106

Hackers have used new GodLoader malware exploiting the capabilities of the widely used Godot game engine to evade detection and infect over 17,000 systems in just three months.

  • Kelly@lemmy.world
    8 hours ago

    This is probably the larger story from the OP link:

    The Stargazers Ghost Network uses over 3,000 GitHub “ghost” accounts to create networks of hundreds of repositories that can be used to deliver malware (mainly information stealers like RedLine, Lumma Stealer, Rhadamanthys, RisePro, and Atlantida Stealer) and star, fork, and subscribe to these malicious repos to push them to GitHub’s trending section and increase their apparent legitimacy.

    Edit: a bit more info:

    The malicious GodLoader is distributed by the Stargazers Ghost Network, a GitHub network that distributes malware as a service. Throughout September and October, approximately 200 repositories and over 225 Stargazers were used to legitimize the repositories distributing the malware.

    https://research.checkpoint.com/2024/gaming-engines-an-undetected-playground-for-malware-loaders/

    My take is that Godot has never claimed to be sandboxed; as long as OS.execute() is enabled by default, running arbitrary code in the user context is trivial. The solution, of course, is to only run code that you trust.