Most of those are social signals, and social engineering is a thing. Sure, you can read the code for every single update for every single plug-in you have to use for VSCode to function.
Having a proper set of API boundaries with security guarantees is the right solution. Even “notable publishers” can get hacked.
I don’t even understand why it’s an open question, tbh.
How about notable publisher, verified publisher, # of downloads, rating, reviews, README, GitHub repository, extension icon, project details, repository maintenance, etc?