AGENT LAB: SKILLS

copilot-sdk

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill references and provides installation commands for SDK packages from the 'github' organization (e.g., @github/copilot-sdk). Although legitimate, this organization is not present in the 'Trusted GitHub Organizations' list.
  • [COMMAND_EXECUTION] (LOW): The skill documents tools for shell command execution ('execute') and file system modification ('edit'). These are high-privilege capabilities inherent to the SDK's purpose.
  • [PROMPT_INJECTION] (LOW): The skill defines a surface for indirect prompt injection where untrusted data passed through 'session.send()' could influence an agent with 'execute' and 'read' capabilities. Evidence chain: 1. Ingestion points: 'SKILL.md' and 'references/working-examples.md' (prompt interpolation); 2. Boundary markers: absent; 3. Capability inventory: 'execute', 'read', 'edit', and 'web' (documented in 'references/cli-agents-mcp.md'); 4. Sanitization: absent in the provided code examples.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 04:48 PM