vscode-extension-publisher

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes a local shell script, scripts/preflight-check.sh, to verify the development environment. This script checks for installed versions of Node.js and npm, and validates the structure of the project's package.json to ensure all required fields for the marketplace are present.
  • [EXTERNAL_DOWNLOADS]: The skill guides the user to install @vscode/vsce, which is the official Microsoft command-line tool for packaging and publishing VS Code extensions. This is a standard dependency for the intended task and is sourced from the official npm registry.
  • [SAFE]: The skill provides detailed and secure instructions for managing authentication. It directs users to the official Azure DevOps portal to create Personal Access Tokens (PATs) and provides guidance on storing these credentials securely using GitHub Secrets for CI/CD automation, adhering to industry best practices.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 04:02 AM