vscode-extension-patterns
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a documentation resource for VS Code extension development, emphasizing secure practices such as using the SecretStorage API instead of plain-text settings for sensitive tokens.
- [SAFE]: It provides explicit guidance on implementing Content Security Policy (CSP) in webviews, including the use of nonces and event delegation to prevent inline script execution vulnerabilities.
- [SAFE]: No instances of prompt injection, data exfiltration, or obfuscation were found. All code snippets are illustrative of standard VS Code API usage.
- [SAFE]: The mentioned PowerShell commands and publishing workflows are standard development procedures and do not involve unauthorized remote code execution or privilege escalation.
Audit Metadata