init-vscode
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill performs standard development environment setup tasks, specifically the management of IDE configuration files within a local project context.
- [COMMAND_EXECUTION]: The skill uses basic shell commands to ensure the existence of the .vscode directory and verify file structure.
- Evidence:
mkdir -p .vscodeandls -la .vscode/defined in SKILL.md. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it reads and processes existing configuration files from the user's project directory.
- Ingestion points:
.vscode/extensions.jsonand.vscode/settings.json(SKILL.md). - Boundary markers: Absent; no specific delimiters are used to wrap the ingested file content.
- Capability inventory: File read/write access and shell command execution (mkdir, ls) as described in SKILL.md.
- Sanitization: The skill utilizes structured JSON parsing and merging logic to process data, which minimizes the risk of content being interpreted as instructions.
Audit Metadata