vsco-code-repl-beep-patc

Warn

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directs the agent to modify an existing JavaScript bundle (extension.js) belonging to a third-party VS Code extension to inject a handler that uses node:child_process.spawn to execute shell commands.
  • [COMMAND_EXECUTION]: The injected code specifically executes the macOS afplay utility to play system sound files (/System/Library/Sounds/Glass.aiff).
  • [COMMAND_EXECUTION]: The instructions involve manipulating the local filesystem using shell-like commands such as cp for creating backups of executable files before applying the code patch.
  • [COMMAND_EXECUTION]: The modification targets an installed application's output files rather than source code, which represents a persistent modification to the runtime behavior of the software environment.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 23, 2026, 05:08 PM
Security Audit — agent-trust-hub — vsco-code-repl-beep-patc