Affected script: "install-scripts:post-update-cmd"
The script removes all files in the app/etc/ directory and then removes the app/etc and app directories entirely. This may wipe out critical system or application configuration files and potentially render the system or the application inoperative. Moreover, the vendor/bin/phpcs --config-set installed_paths ../../magento/magento-coding-standard/
command potentially alters the locations from which PHP code sniffer rules are loaded, potentially giving a chance for execution of arbitrary code if those locations contain malicious scripts.