copilot-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly documents connecting to third-party MCP servers (e.g., GitHub's MCP at https://api.githubcopilot.com/mcp/) and examples like a "pr-reviewer" agent that access repositories, issues, and PRs—i.e., the agent is expected to fetch and interpret user-generated GitHub content which could contain untrusted instructions that influence actions.