Frames only targets stable VS Code API releases (^1.80.0).

By architectural design, Frames is completely free of unsafe DOM injections, executable binaries, or external telemetry. It uses native VS Code declarative JSON configurations. It cannot corrupt your editor or leak data.

If you discover a security vulnerability within this extension (e.g., a maliciously crafted workspace interaction), please report via private vulnerability reporting in Github. Please don't open a public issue. All reports will be addressed within 48 hours.