vscode-custom-agents
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFENO_CODE
Full Analysis
- NO_CODE (SAFE): The skill consists entirely of Markdown documentation and JSON metadata. There are no executable scripts (.sh, .py, .js) or automated tasks included in the skill package.
- PROMPT_INJECTION (SAFE): No instructions attempting to override agent behavior, bypass safety filters, or extract system prompts were detected in the documentation or metadata.
- DATA_EXFILTRATION (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network operations were identified. The documentation discusses configuration settings rather than accessing user data.
- EXTERNAL_DOWNLOADS (SAFE): No external package installations or remote script executions (e.g., curl|bash) were found. All URLs point to official VS Code documentation or legitimate repository metadata.
Audit Metadata