copilot-sdk

Fail

Audited by Socket on Feb 23, 2026

1 alert found:

Malware (HIGH)
SKILL.md

[Skill Scanner] Natural language instruction to download and install from URL detected

All findings:
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
[HIGH] supply_chain: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] supply_chain: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] supply_chain: Installation of third-party script detected (SC006) [AITech 9.1.4]

The fragment presents a coherent, feature-rich specification for the Copilot SDK with multi-language bindings and standard integration patterns (BYOK, MCP, session persistence, hooks, tools). While not malicious, its breadth around credentials and external endpoints requires explicit secret-management guidance and secure default configurations in downstream implementations. The documentation is plausible and aligned with its purpose, but security risk hinges on how integrators manage keys and tokens in real deployments.

LLM verification: This SKILL.md is documentation for a legitimate Copilot SDK that requires tokens, spawns a CLI/subprocess, installs third-party packages, and can connect to arbitrary provider or MCP endpoints. I find no evidence of embedded malware, obfuscated payloads, or explicit credential-harvesting code in this document. However the documented capabilities (wildcard tools, remote MCP HTTP endpoints with Authorization headers, npx-based local MCP servers, session persistence of full history) create realist

Confidence: 98%
Severity: 90%

Audit Metadata
Analyzed At: Feb 23, 2026, 06:00 PM
Package URL: pkg:socket/skills-sh/claudedjale%2Fskillset%2Fcopilot-sdk%2F@106fb996745c5f147f642bd1b806915bea5cfd3a