Agent started accessing local files as web urls file:///

[Wendelstein7]

Type: Bug

Randomly, the agent stopped using local file access tools and started accessing files by its web tools, such as file:///x/y/z/. This asked me for permission ofcourse, but if the user accidentally allows all web urls such as file:///* this could mean that a malicious AI may circumvent protections that are in place for normal tool access, such as accessing files outside the workspace or accessing sensitive environment files.

Extension version: 0.40.1
VS Code version: Code 1.112.0 (07ff9d6, 2026-03-17T18:09:23Z)
OS version: Linux x64 6.17.0-20-generic snap
Modes:

System Info

Item	Value
CPUs	AMD Ryzen 5 7640U w/ Radeon 760M Graphics (12 x 4407)
GPU Status	2d_canvas: unavailable_software GPU0: VENDOR= 0xffff [Google Inc. (Google)], DEVICE=0xffff [ANGLE (Google, Vulkan 1.3.0 (SwiftShader Device (Subzero) (0x0000C0DE)), SwiftShader driver-5.0.0)], DRIVER_VENDOR=SwANGLE, DRIVER_VERSION=5.0.0 ACTIVE Machine model name: Machine model version: direct_rendering_display_compositor: disabled_off_ok gpu_compositing: disabled_software multiple_raster_threads: enabled_on opengl: disabled_off rasterization: disabled_software raw_draw: disabled_off_ok skia_graphite: disabled_off trees_in_viz: disabled_off video_decode: disabled_software video_encode: disabled_software vulkan: disabled_off webgl: unavailable_software webgl2: unavailable_software webgpu: disabled_off webnn: unavailable_software
Load (avg)	1, 1, 1
Memory (System)	26.71GB (20.67GB free)
Process Argv	--no-sandbox --force-user-env --ozone-platform=x11
Screen Reader	no
VM	0%
DESKTOP_SESSION	ubuntu
XDG_CURRENT_DESKTOP	ubuntu:GNOME
XDG_SESSION_DESKTOP	ubuntu
XDG_SESSION_TYPE	wayland

[vs-code-engineering]

Thanks for creating this issue! It looks like you may be using an old version of VS Code; the latest stable release is 1.115.0. Please try upgrading to the latest version and checking whether this issue remains.

Happy Coding!