Appreciate any insights.
Quote from MDN:
Browsers handle SRI by doing the following:
When a browser encounters a
<link>element with an integrity attribute, before executing the script or before applying any stylesheet specified by the
<link>element, the browser must first compare the script or stylesheet to the expected hash given in the integrity value.
If the script or stylesheet doesn’t match its associated integrity value, then the browser must refuse to execute the script or apply the stylesheet, and must instead return a network error indicating that fetching of that script or stylesheet failed.
So no, it does not protect from malicious code being executed via console, since that wont affect the loaded files in any way.