copilot-coding-agent
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill requires a GitHub Personal Access Token with full 'repo' scope and suggests exporting it as an environment variable (COPILOT_ASSIGN_TOKEN), which risks exposure in shell history or environment logs.
- [COMMAND_EXECUTION]: The automation relies on executing shell scripts (scripts/copilot-setup-workflow.sh and scripts/copilot-assign-issue.sh) that are not provided in the skill source, preventing verification of their logic.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. 1. Ingestion points: Untrusted data enters via GitHub issue titles and bodies during 'gh issue create' operations. 2. Boundary markers: No delimiters or instructions to ignore embedded commands are present in the documentation. 3. Capability inventory: The skill has access to 'bash' shell execution, the 'gh' CLI tool, and 'Write' permissions. 4. Sanitization: There is no evidence of sanitization or escaping of the issue content before it is processed by the agent or Copilot.
Audit Metadata