vscode-ext-commands
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): No instructions found that attempt to bypass AI safety filters, override system behavior, or extract system prompts. The content is strictly technical documentation.
- [Data Exposure & Exfiltration] (SAFE): No sensitive file paths, hardcoded credentials, or network operations (curl, wget, fetch) were detected.
- [Remote Code Execution] (SAFE): The skill does not reference any external scripts, package managers, or dynamic execution environments.
- [Obfuscation] (SAFE): No Base64, zero-width characters, or homoglyphs were found. The text is clear and human-readable.
- [Indirect Prompt Injection] (SAFE): While the skill provides templates for VS Code commands, it does not define a mechanism for ingesting untrusted data or executing logic based on external inputs.
Audit Metadata