copilot-sdk

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill's examples pass untrusted user input to the agent, which creates a prompt injection attack surface: direct through the interactive prompt, and indirect through attached local files and repository content reached via the GitHub MCP server.
  • Ingestion points: User input is captured via interactive prompts using readline (TypeScript) and input() (Python) and passed to the agent session via sendAndWait.
  • Boundary markers: The examples do not include explicit delimiter markers around user input or system-level instructions telling the agent to ignore commands embedded in it.
  • Capability inventory: The SDK supports powerful functionality, including arbitrary code execution through custom tool handlers, integration with GitHub's MCP server for repository access, and local file attachment processing.
  • Sanitization: The provided implementation examples do not show input validation or sanitization before passing data to the LLM backend.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 03:18 AM