suggest-awesome-github-copilot-agents
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches agent descriptions and content from the official 'github/awesome-copilot' repository. These downloads target a trusted organization and are handled as intended functionality.
- [COMMAND_EXECUTION]: Uses
curlvia the terminal to retrieve and save agent files to the.github/agents/directory. This capability is only exercised after an explicit user request. - [DATA_EXFILTRATION]: Analyzes local repository context, including file patterns and chat history, to provide relevant suggestions. All network operations are conducted with well-known, trusted GitHub domains.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes external data.
- Ingestion points: Custom agent definitions from the 'awesome-copilot' repository.
- Boundary markers: Not explicitly defined for the ingested remote content.
- Capability inventory: File system write access and terminal execution via
curl. - Sanitization: No specific content sanitization mentioned for the downloaded Markdown files.
Audit Metadata