skills/owid/etl/vscode-extension-dev/Gen Agent Trust Hub

vscode-extension-dev

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE [PROMPT_INJECTION] [COMMAND_EXECUTION] [EXTERNAL_DOWNLOADS]

Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and processes untrusted data from local extension projects.
      • Ingestion points: The skill reads configuration and metadata from vscode_extensions/<name>/package.json and other project files.
      • Boundary markers: No explicit delimiters or instructions are used to prevent the agent from obeying instructions embedded within the extension source code.
      • Capability inventory: The skill can execute shell commands via npm, npx, and the code CLI, allowing for subprocess creation.
      • Sanitization: There is no validation or filtering of scripts defined in package.json before they are executed via npm run compile.
  • [COMMAND_EXECUTION]: The skill performs several command-line operations to compile, package, and install extensions.
      • Executes npm run compile to build the TypeScript source.
      • Executes npx @vscode/vsce package to create extension bundles.
      • Executes code --install-extension to modify the local VSCode environment.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to fetch and run the @vscode/vsce package. This is an official utility provided by Microsoft for VSCode extension management and is considered a well-known, trusted source.

Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 11:44 AM