copilot-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Yes — the SDK explicitly supports loading custom agent Markdown files (e.g., .github/agents/ in repositories or org-level agents) and exposes tools/MCP integrations including a "web" tool and MCP servers that can fetch repository or web content, so the agent can read untrusted, user-provided third-party content at runtime.