vscode-extension-builder-lawvable

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The file-bridge template implements an Indirect Prompt Injection surface designed for external agent control.
  • Ingestion points: The extension monitors the .vscode/ai-bridge/commands/ directory for JSON files containing action requests (implemented in assets/file-bridge/src/fileBridge.ts).
  • Boundary markers: The template code does not implement specific delimiters or instructions to ignore embedded prompts within the ingested JSON data.
  • Capability inventory: The extension registers handlers for reading files, writing files, and executing a whitelisted set of VS Code commands (defined in assets/file-bridge/src/extension.ts).
  • Sanitization: The template code in assets/file-bridge/src/extension.ts lacks path validation, although the reference documentation (references/ai-integration.md) provides examples of how to implement such sanitization.
  • [DATA_EXFILTRATION]: The readFile handler provided in the file-bridge template (assets/file-bridge/src/extension.ts) allows reading from arbitrary file paths using vscode.workspace.fs.readFile without verifying if the path is within the workspace boundaries, potentially exposing sensitive system files.
  • [COMMAND_EXECUTION]: The writeFile handler in the file-bridge template (assets/file-bridge/src/extension.ts) enables writing to arbitrary file paths on the system, which could be exploited to overwrite configuration files or other sensitive data.
Audit Metadata
Risk Level: SAFE
Analyzed: May 16, 2026, 04:13 AM
Security Audit — agent-trust-hub — vscode-extension-builder-lawvable