copilot
Warn
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a shell script located at .claude/hooks/activate-copilot.sh. This execution of project-local code can lead to arbitrary command execution if the repository contains malicious hooks.
- [PROMPT_INJECTION]: The skill explicitly directs the agent to override its standard safety guardrails by 'relaxing' worktree enforcement and allowing direct commits to the main branch.
- [PROMPT_INJECTION]: The skill instructs the agent to adopt instructions from a project-local file (.claude/rules/operating-mode.md), creating a surface for indirect prompt injection where an attacker could influence agent behavior by modifying the contents of that file.
Audit Metadata