You don't even need to alias a typo - if the vulnerability allows to overwrite arbitrary files in the .git-directory, which is what it sounds like, you can just add a book that will be executed on each commit/fetch/push/etc...

So yes, this is dangerous.