vscode-extensions
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill documents standard usage of the VS Code CLI (
code --install-extension) to automate environment setup. These commands target the official marketplace and follow documented practices. - [INDIRECT_PROMPT_INJECTION] (LOW): The import capability (
cat extensions.txt | xargs -L 1 code --install-extension) reads from a local file to execute commands. While this processes external data, the pattern is a standard administrative workflow for synchronizing development environments. - [EXTERNAL_DOWNLOADS] (SAFE): References to external extensions point to official and widely-used packages (e.g., ms-python.python, dbaeumer.vscode-eslint).
Audit Metadata