vscode-extension-guide
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a documentation and template resource for VS Code extension development.
- [SAFE]: Includes explicit security guidance for managing sensitive credentials (PATs), advising users against hardcoding or leaking them in chat or logs.
- [SAFE]: Demonstrates secure Webview implementation using Content Security Policy (CSP) and nonces to prevent cross-site scripting (XSS).
- [SAFE]: References standard, official development tools and libraries from the VS Code ecosystem (such as @vscode/vsce and @vscode/test-electron).
- [SAFE]: No malicious code, exfiltration patterns, or obfuscation detected.
Audit Metadata