
Security: Christian-Katzmann/plsmode


SECURITY.md

Security Policy

pls mode runs terminal commands that are configured by the current workspace. A .plsmode.json checked into a repository is therefore code that the workspace asks you to execute, written by whoever committed it. That makes the file powerful, useful, and worth reviewing before you click Run.

Supported Versions

The public beta supports the latest version on the main branch and the latest packaged beta release.

Reporting A Vulnerability

Please do not post exploit details in a public issue.

Use GitHub private vulnerability reporting for Christian-Katzmann/plsmode if it is enabled. If private reporting is not available yet, open a minimal public issue that says a security report is available and asks for a private contact path. Keep details out of that public issue.

Useful reports include:

  • A short description of the unsafe behavior.
  • The affected file or workflow.
  • Steps to reproduce with a minimal .plsmode.json.
  • Whether the issue can run commands, bypass confirmation, write files, or leak data.

Security Boundaries

  • pls mode does not run commands automatically.
  • Terminal execution is blocked when VS Code Workspace Trust marks the workspace as untrusted (Restricted Mode).
  • Commands marked danger: true require confirmation before running.
  • Workspace configs should not be trusted just because they are convenient: the repository author controls their contents. Review unfamiliar commands before running them, and treat a command that is not marked danger: true as a review item too, since the flag is set by the same author.
  • pls mode is not a secret manager; do not store credentials in .plsmode.json.
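
The review step above can be partly mechanised. The script below is an added example for this page, not code from plsmode, and it assumes only what the policy states: the config is JSON, commands appear somewhere in it as string values, and a command entry that requires confirmation carries "danger": true on the object holding it. Because the page does not give the full schema, the script walks every string in the document rather than looking for particular keys; the "commands", "run" and "env" keys in the constructed sample config are invented for the demonstration, as are the risky-command and credential heuristics, which a reviewer would tune to their own workspace.

```python
"""Pre-run review of a .plsmode.json: flag risky commands and literal credentials.

Added example, not part of plsmode. Assumptions (not stated by the project):
the file is JSON, commands are string values somewhere in it, and a command
that needs confirmation has "danger": true on the object that holds it.
The walker visits every string, so the exact schema does not matter.
"""
import json
import re
import sys

# Command fragments a reviewer should look at before running (heuristics).
RISKY_COMMAND_PATTERNS = [
    (re.compile(r"\b(curl|wget)\b[^|;&]*\|\s*(ba|z|da)?sh\b"), "pipes a download into a shell"),
    (re.compile(r"\brm\s+(-[a-zA-Z]*[rf][a-zA-Z]*\s+)+"), "recursive or forced delete"),
    (re.compile(r"\b(sudo|doas)\b"), "privilege escalation"),
    (re.compile(r"\beval\b|\$\(|`"), "eval or command substitution"),
    (re.compile(r"\b(chmod|chown)\b.*(\s-[a-zA-Z]*R\b|\b777\b)"), "broad permission change"),
    (re.compile(r"\b(ssh|scp|nc|ncat)\b"), "network access to another host"),
    (re.compile(r">>?\s*(?!/dev/null)(~?/|\$HOME)"), "redirects output outside the workspace"),
]

# Values that look like credential material; plsmode is not a secret manager.
SECRET_PATTERNS = [
    (re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "AWS access key id"),
    (re.compile(r"\bgh[pousr]_[A-Za-z0-9]{20,}\b"), "GitHub token"),
    (re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"), "private key"),
    (re.compile(r"(?i)\b(password|passwd|secret|token|api[_-]?key)\b\s*[=:]\s*\S+"), "inline credential"),
]
# Key names that usually hold secrets; a literal value under one is a finding,
# a "$VAR" reference to the environment is not.
SECRET_KEY = re.compile(r"(?i)(password|passwd|secret|token|api[_-]?key|credential)")

# Constructed sample; the "commands"/"run"/"env" keys are invented for the demo.
SAMPLE_CONFIG = """
{
  "commands": [
    {"name": "test", "run": "npm test"},
    {"name": "clean", "run": "rm -rf dist", "danger": true},
    {"name": "setup", "run": "curl -fsSL https://example.invalid/install.sh | sh"},
    {"name": "deploy", "run": "scp -r dist user@host:/srv", "danger": true,
     "env": {"DEPLOY_TOKEN": "ghp_0123456789abcdefghijABCDEFGHIJ012345"}}
  ]
}
"""


def _walk(node, path, key, parent):
    """Yield (json_path, key, string, enclosing_dict) for every string in the tree."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from _walk(v, f"{path}.{k}", k, node)
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from _walk(v, f"{path}[{i}]", key, parent)
    elif isinstance(node, str):
        yield path, key, node, parent


def review_config(text):
    """Return findings as (severity, json_path, reason, value) tuples.

    UNMARKED: risky command whose enclosing object lacks "danger": true
    review:   risky command that is marked danger: true (still read it)
    SECRET:   literal credential material stored in the config
    """
    findings = []
    for path, key, value, parent in _walk(json.loads(text), "$", None, None):
        for pattern, why in RISKY_COMMAND_PATTERNS:
            if pattern.search(value):
                marked = isinstance(parent, dict) and parent.get("danger") is True
                findings.append(("review" if marked else "UNMARKED", path, why, value))
        reasons = [why for pattern, why in SECRET_PATTERNS if pattern.search(value)]
        if key is not None and SECRET_KEY.search(key) and not value.startswith("$"):
            reasons.append("credential-looking key with a literal value")
        if reasons:
            findings.append(("SECRET", path, "; ".join(reasons), value))
    return findings


def _mask(value):
    """Show only a prefix of a value so the report itself does not leak secrets."""
    return value if len(value) <= 8 else value[:4] + "..." + f"({len(value)} chars)"


if __name__ == "__main__":
    # Usage: python review_plsmode.py [.plsmode.json]; defaults to the sample.
    source = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    for severity, path, why, value in review_config(source):
        shown = _mask(value) if severity == "SECRET" else value
        print(f"{severity:9} {path}: {why}: {shown!r}")
```

Anything reported as UNMARKED is a command the config author chose not to gate behind confirmation even though it matches a risky pattern; that is exactly the case the "review before Run" advice is about, because the danger flag is set by the same party who wrote the command. A SECRET finding means the value belongs in the environment or a real secret store, not in a file that is committed alongside the code.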

There aren't any published security advisories