launch
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- Local Command Execution: The skill employs standard development commands including
npm install,npm run compile, andcode-insiders. These are used to manage dependencies, build extension source code, and launch the editor with remote debugging enabled. This behavior is typical for setting up and testing extension environments.\n- Browser-Based Dynamic Execution: The automation workflow usesagent-browser evalto execute JavaScript directly within the VS Code UI context. This is a necessary technique for interacting with the Monaco Editor and other webview-based components that do not respond to standard high-level interaction events. It allows the agent to manage focus and verify visible text content.\n- Indirect Data Ingestion Surface: The skill interacts with content generated or displayed within the VS Code Copilot Chat interface, which represents a surface for untrusted data.\n - Ingestion points: Data enters the context from the VS Code UI via
agent-browser snapshotandevalcommands (SKILL.md).\n - Boundary markers: Absent. The skill does not currently specify delimiters or instructions to ignore potential commands within the retrieved UI content.\n
- Capability inventory: The skill uses
Bashto executeagent-browserandcode-insiders, andagent-browser evalfor dynamic code execution (SKILL.md).\n - Sanitization: Absent. The skill does not mention specific filtering or escaping of content retrieved from the webview targets.
Audit Metadata