SlowMist's Yu Xian: Automatic Task Execution in VS Code-Based IDEs Poses a Security Risk
Xin Lang Cai Jing·2026-01-18 04:03

Core Viewpoint
- The article highlights a potential security risk in IDEs based on VS Code, including Cursor, VS Code, Antigravity, and TRAE: these IDEs may automatically execute tasks, so opening a directory can trigger malicious code [1]

Group 1: Security Risks
- SlowMist's Yu Xian warns users about the risk of automatic task execution in VS Code-based IDEs [1]
- Users are advised to disable the "automatic task running" feature to prevent malicious code execution [1]
- Suggested security measures include setting task.allowAutomaticTasks to off and enabling Workspace Trust in Cursor, so that a risk confirmation appears when opening new projects [1]

Group 2: Mitigation Strategies
- The article recommends confirming risks even when choosing to trust the workspace, to avoid automatic execution of commands hidden in .vscode/tasks.json [1]
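A pre-open check for the auto-run tasks described above, as an added example that is not from the article or from SlowMist. It assumes the VS Code task option `runOptions.runOn: "folderOpen"` is what marks a task for automatic execution; the function names and the sample file are hypothetical and constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

# Constructed sample of a .vscode/tasks.json (not taken from the article).
SAMPLE = """{ "version": "2.0.0", // tasks.json allows comments and trailing commas
  "tasks": [
    {"label": "build", "type": "shell", "command": "make"},
    {"label": "setup", "command": "sh ./tools/setup.sh", "runOptions": {"runOn": "folderOpen"},},
  ] }"""

_STR = r'"(?:\\.|[^"\\])*"'  # a JSON string literal; matched first so its contents are never edited

def strip_jsonc(text):
    """Drop // and /* */ comments, then trailing commas, leaving string literals untouched."""
    keep = lambda m: m.group(0) if m.group(0)[0] == '"' else ""
    text = re.sub(_STR + r"|//[^\n]*|/\*.*?\*/", keep, text, flags=re.S)
    return re.sub(_STR + r"|,(?=\s*[}\]])", keep, text)

def find_auto_tasks(root):
    """Return (file, label, command) for every task configured to run when the folder is opened."""
    hits = []
    for path in sorted(Path(root).rglob(".vscode/tasks.json")):
        try:
            tasks = json.loads(strip_jsonc(path.read_text(encoding="utf-8"))).get("tasks", [])
        except (ValueError, AttributeError):
            # A file the scanner cannot parse is itself worth a manual look.
            hits.append((path, "<unparseable, review by hand>", None))
            continue
        for task in tasks if isinstance(tasks, list) else []:
            opts = task.get("runOptions") if isinstance(task, dict) else None
            if isinstance(opts, dict) and opts.get("runOn") == "folderOpen":
                hits.append((path, task.get("label"), task.get("command")))
    return hits

def demo():
    """Write SAMPLE into a throwaway project tree and scan it before any IDE opens it."""
    with tempfile.TemporaryDirectory() as root:
        cfg = Path(root, "cloned-repo", ".vscode")
        cfg.mkdir(parents=True)
        (cfg / "tasks.json").write_text(SAMPLE, encoding="utf-8")
        return [(label, cmd) for _, label, cmd in find_auto_tasks(root)]

if __name__ == "__main__":
    for label, cmd in demo():
        print(f"auto-run task {label!r}: {cmd}")
```

Run `find_auto_tasks` on a freshly cloned or downloaded directory from a terminal, before opening it in the IDE, and read any reported command before deciding whether to trust the workspace.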
