This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.
Post
Socket
socket.dev
did:plc:n6f3j47vjucu5ijwdmow7n2w
🚨 We detected malicious OpenVSX releases of Aqua Trivy (1.8.12 & 1.8.13) that injected natural-language prompts to weaponize local AI coding agents.
The releases occurred during a broader AI-powered attack targeting #OSS projects.
Full analysis ↓
https://socket.dev/blog/unauthorized-ai-agent-execution-code-published-to-openvsx-in-aqua-trivy-vs-code-extension
2026-03-02T08:48:54.055Z