vsco-code-repl-beep-patc
Warn
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to modify an existing JavaScript bundle (
extension.js) belonging to a third-party VS Code extension to inject a handler that usesnode:child_process.spawnto execute shell commands. - [COMMAND_EXECUTION]: The injected code specifically executes the macOS
afplayutility to play system sound files (/System/Library/Sounds/Glass.aiff). - [COMMAND_EXECUTION]: The instructions involve manipulating the local filesystem using shell-like commands such as
cpfor creating backups of executable files before applying the code patch. - [COMMAND_EXECUTION]: The modification targets an installed application's output files rather than source code, which represents a persistent modification to the runtime behavior of the software environment.
Audit Metadata