copilot-cli-mcp-config

Fail

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides configuration examples that download and execute code from an untrusted external repository (git+https://github.com/oraios/serena) using the uvx tool.
  • [COMMAND_EXECUTION]: The instructions include steps to modify the user's shell profile (~/.bashrc) to persist environment variable changes (XDG_CONFIG_HOME) across sessions.
  • [REMOTE_CODE_EXECUTION]: Multiple examples use npx to dynamically fetch and execute packages from the NPM registry at runtime, including @azure/mcp, @sentry/mcp-server, and @modelcontextprotocol/server-memory.
  • [EXTERNAL_DOWNLOADS]: The skill references and fetches content from well-known services including GitHub and Cloudflare for configuration endpoints and official documentation.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 9, 2026, 11:17 PM