sync-copilot-workflows
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a local Node.js script located at `.claude/scripts/sync-copilot-workflows.cjs` using the Bash tool. The source code of this script was not provided for analysis, making its internal logic opaque.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by moving data from a data file to an instruction file.
  - Ingestion points: The script reads workflow definitions and keyword matching logic from `.claude/workflows.json`.
  - Boundary markers: The documentation mentions that the generated section in `.github/copilot-instructions.md` is wrapped in `<!-- AUTO-GENERATED -->` markers to prevent manual edits, but these do not serve as security boundaries against the LLM's interpretation of the content.
  - Capability inventory: The skill uses the `Bash` tool to run the sync script and requires `Read` permissions to access the local file system.
  - Sanitization: Since the synchronization script's code is not provided, it is impossible to verify if it performs any validation, escaping, or sanitization of the JSON data before inserting it into the Copilot system instructions file.
Audit Metadata