Be more clear about restricted mode/workspace trust

[Tyriar]

I tried to get a link that explains details about workspace trust and the best there seems to be is the line item in https://code.visualstudio.com/docs/copilot/security#_user-responsibilities-and-best-practices

Open new codebases in restricted mode: Until you've reviewed a project for malicious code like watch tasks or scripts, rely on the Workspace Trust boundary and open it in restricted mode. Opening a workspace in restricted mode also disables agent mode in that workspace.

I think we should change it to something like this:

Open untrusted/foreign codebases in restricted mode: Until you've reviewed a project for malicious code, rely on the Workspace Trust boundary and open it in restricted mode. Opening a workspace in restricted mode also disables agent mode in that workspace. Remember any file could be pulled into the context by agent mode so any file could theoretically cause a prompt injection attack.

[ntrogh]

@Tyriar What about the content here: https://code.visualstudio.com/docs/editing/workspaces/workspace-trust ?
Or are you specifically looking for workspace trust irt agents?

[Tyriar]

We should have a statement about how it related to agent mode. We mention restricted mode disables agent mode, but not that any file can cause problems when in agent mode as they could be pulled in automatically via tool calls which happens by design without user approval.