copilot-sdk
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the SDK and supporting tools from official package registries including npm (@github/copilot-sdk) and PyPI (github-copilot-sdk). All downloads target well-known organizations and verified repositories.
- [COMMAND_EXECUTION]: The SDK manages the GitHub Copilot CLI via a subprocess. Security is managed through programmatic hooks like 'onPreToolUse' and 'onPermissionRequest', which allow developers to implement strict approval workflows for sensitive operations like shell access.
- [CREDENTIALS_UNSAFE]: While various authentication tokens are mentioned, the documentation correctly advises the use of environment variables and managed identities. Illustrative examples of hardcoded keys are explicitly labeled as incorrect and unsafe practices.
- [PROMPT_INJECTION]: The SDK framework manages untrusted data, creating an indirect prompt injection surface that is mitigated by developer hooks.
  - Ingestion points: Data enters through the 'onUserPromptSubmitted' hook and tool results processed in 'onPostToolUse'.
  - Boundary markers: The SDK allows developers to wrap prompts and inject context using custom delimiters within hooks.
  - Capability inventory: The system executes CLI subprocesses and MCP server commands based on agent logic.
  - Sanitization: Documentation provides patterns for sanitizing and redacting sensitive data from tool outputs before they reach the model.
Audit Metadata