mcp-configure
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Uses the Azure CLI (az) to verify authentication and obtain access tokens for environment discovery.
- [COMMAND_EXECUTION]: Creates local directories for project-scoped configuration files using system commands.
- [DATA_EXFILTRATION]: Performs network requests to well-known Microsoft API endpoints (api.powerapps.com) to discover Dataverse environments.
- [DATA_EXFILTRATION]: Accesses the agent's local configuration files (~/.copilot/mcp-config.json and .mcp/copilot/mcp.json) to read existing settings and register new MCP servers.
- [PROMPT_INJECTION]: Processes Dataverse environment names from a remote API, creating a surface for indirect prompt injection.
- Ingestion points: Environment metadata from api.powerapps.com.
- Boundary markers: None used during display.
- Capability inventory: File system read/write access and Azure CLI command execution.
- Sanitization: Basic URL normalization; environment display names are not sanitized.
Audit Metadata