Workspace Trust

Table of Contents

  1. Overview
  2. Tasks Are Not Showing
  3. What Is Blocked in an Untrusted Workspace
  4. Why This Behavior Exists
  5. Related Resources

Overview

Workspace Tasks fully respects VS Code’s Workspace Trust model. When a workspace is not trusted, the extension suspends all task discovery and displays no tasks in the Workspace Tasks sidebar.

This is a security measure: task files (Taskfile.yml, Makefile, package.json scripts, Rakefile, .gitlab-ci.yml, justfile, and others) are loaded directly from your workspace and may contain instructions that execute arbitrary commands. Workspace Tasks will not parse or execute any of these files until you explicitly trust the workspace.


Tasks Are Not Showing

If no tasks appear in the Workspace Tasks sidebar, check whether the workspace is trusted:

  1. Look for the trust indicator in the VS Code status bar (bottom-left). It shows a shield icon when the workspace is restricted.
  2. Open the Command Palette (Ctrl+Shift+P / Cmd+Shift+P) and run Workspaces: Manage Workspace Trust.
  3. Click Trust Workspace to grant trust and allow task discovery.

Once the workspace is trusted, Workspace Tasks automatically refreshes and discovers all tasks.


What Is Blocked in an Untrusted Workspace

Action Trusted Untrusted
Task discovery (file parsing) βœ… ❌
CLI invocations (just, task, rake, gitlab-ci-local, …) βœ… ❌
Displaying tasks in the sidebar βœ… ❌
Running tasks βœ… ❌
Favorites / Recent Tasks βœ… ❌

Why This Behavior Exists

Workspace files can originate from any source β€” cloned repositories, downloaded archives, shared network drives, and so on. In an untrusted workspace the author of those files is unknown. Executing task definitions from such a source without explicit consent could allow an attacker to run arbitrary code on your machine.

By blocking all discovery in untrusted workspaces, Workspace Tasks ensures that no task content is evaluated or executed until you have reviewed and trusted the workspace.



© 2026 Ryan Conrad. All rights reserved.

This site uses Just the Docs, a documentation theme for Jekyll.