vscode-extension-builder-lawvable
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: HIGH (DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
- [DATA_EXFILTRATION] (HIGH): The `readFile` handler in `assets/file-bridge/src/extension.ts` provides unrestricted access to the local filesystem.
  - Evidence: It takes a `filePath` parameter from an external JSON command and passes it directly to `vscode.Uri.file(params.filePath)` and `vscode.workspace.fs.readFile` without any path validation or 'jail' within the workspace.
  - Impact: An attacker can read sensitive files like `~/.ssh/id_rsa`, `~/.aws/credentials`, or local environment files.
- [COMMAND_EXECUTION] (HIGH): The `writeFile` handler in `assets/file-bridge/src/extension.ts` allows arbitrary file writes on the local machine.
  - Evidence: It accepts a `filePath` and `content` from an external JSON command and executes `vscode.workspace.fs.writeFile` using an unvalidated path.
  - Impact: This can be used to overwrite system binaries, modify shell configuration files (e.g., `.bashrc`) for persistence, or inject malicious scripts into other projects.
- [DATA_EXFILTRATION] (MEDIUM): The `getOpenFiles` handler in `assets/file-bridge/src/extension.ts` leaks the full filesystem paths of all files currently open in the VS Code editor.
  - Evidence: It returns `e.document.uri.fsPath` for all visible text editors.
  - Impact: This exposes the user's directory structure and the names of sensitive projects they are working on.
- [COMMAND_EXECUTION] (LOW): The `executeCommand` handler allows the AI bridge to run internal VS Code commands.
  - Evidence: While it includes a whitelist in `assets/file-bridge/src/extension.ts`, the capability itself increases the attack surface if the whitelist were to be expanded or bypassed.
Recommendations
- AI detected serious security threats
Audit Metadata