This vulnerability is very unlikely to ever happen, since the only way to modify the YAML file is to edit it yourself, and it would be useless for a bot owner to RCE their own bot. No other person can edit the configuration file remotely (eg. with bot commands), so realistically, this could not happen.
