vscode-extension-guide

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a documentation and template resource for VS Code extension development.
  • [SAFE]: Includes explicit security guidance for managing sensitive credentials (PATs), advising users against hardcoding or leaking them in chat or logs.
  • [SAFE]: Demonstrates secure Webview implementation using Content Security Policy (CSP) and nonces to prevent cross-site scripting (XSS).
  • [SAFE]: References standard, official development tools and libraries from the VS Code ecosystem (such as @vscode/vsce and @vscode/test-electron).
  • [SAFE]: No malicious code, exfiltration patterns, or obfuscation detected.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 02:53 PM
Security Audit — agent-trust-hub — vscode-extension-guide