vscode-doctor

Warn

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The diagnostic script collect_vscode_diagnostics.sh gathers extensive system data, including full process lists (ps aux), hardware/memory specifications, and workspace file details. It also captures contents from editor settings and log files. While the skill instructs the agent to redact this information before sharing, the collection process itself exposes sensitive local paths, project names, and potential credentials found in logs or settings to the AI agent context.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run a local script that executes various system utilities such as uptime, sysctl, ps, du, find, rg, and git.
  • [COMMAND_EXECUTION]: The collect_vscode_diagnostics.sh script dynamically executes commands passed through the EDITOR_COMMANDS environment variable. These commands are executed in a loop (for cmd in $EDITOR_COMMANDS; do ... "$cmd" --status ... done) without validation or escaping. If the variable is populated with shell metacharacters or subshell commands (e.g., via backticks or $()), it could lead to arbitrary command execution.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from the local environment, such as editor log files and workspace settings, and processes it using the agent.
  • Ingestion points: Data is read via collect_vscode_diagnostics.sh from log files and settings files.
  • Boundary markers: No explicit delimiters or 'ignore embedded instructions' warnings are used when the gathered data is presented to the model.
  • Capability inventory: The skill has access to the Bash and Read tools, and the diagnostic script can execute various system commands and read files.
  • Sanitization: There is no evidence of sanitization or filtering of the content read from files before it is processed by the AI agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 19, 2026, 03:59 PM
Security Audit — agent-trust-hub — vscode-doctor