copilot-coding-agent
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local bash scripts ('scripts/copilot-setup-workflow.sh' and 'scripts/copilot-assign-issue.sh') to perform repository setup and automate the assignment process via the 'gh' CLI.
- [CREDENTIALS_UNSAFE]: Operation requires a GitHub Personal Access Token (PAT) with 'repo' scope. While the skill recommends using GitHub Secrets, the requirement for a high-privilege token is a security consideration.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. 1. Ingestion points: Untrusted data enters the context via issue titles and bodies in 'SKILL.md'. 2. Boundary markers: No delimiters are specified to separate user data from instructions. 3. Capability inventory: The process involves the Copilot agent which has the ability to write code and create PRs. 4. Sanitization: No sanitization or escaping of the issue content is performed before processing.
Audit Metadata