The image shows a basic 2D 8-bit style computer monitor with a yellow warning triangle on the screen. Around it are overlapping shapes symbolizing code blocks, a small padlock indicating security, and a document icon with a jagged line to suggest a risky script. The illustration uses five flat colors, has no background, people, or text, and is presented in a clear, iconic manner.

Security and Trust

We discuss various security risks and possible mitigations when using GenAIScript. GenAIScript inherits the same security risks as running scripts, and adds some new threats due to the nature of the LLM-generated outputs.

We also recommend reading the Transparency Note to understand the capabilities and limitations of GenAIScript.

Don’t trust the scripts

Since the GenAIScript files .genai.mjs are executable JavaScript files and are in fact using a JavaScript runtime (VSCode or Node). It is important to understand that the script can do anything that JavaScript can do. This includes reading and writing files, making network requests, and executing JavaScript arbitrary code.

Don’t trust the LLM Outputs

A trusted script might use malicious files from the context to generate a malicious output. For example, overriding files in the project with new malicious code.

in Visual Studio Code, use the refactoring preview
in your CI/CD, create a pull request with the changes and review them

Visual Studio Code Workspace Trust

The extension is disabled when opening a folder in Restricted Mode in Visual Studio Code.

Visual Studio Code Markdown Preview

The output of the LLM and the trace use the built-in markdown preview of Visual Studio Code. By default, VS Code restricts the content displayed in the Markdown preview. This includes disabling script execution and only allowing resources to be loaded over https.