suggest-awesome-github-copilot-prompts
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches prompt lists and file content from `github.com` and `raw.githubusercontent.com`, specifically targeting the `github/awesome-copilot` repository.
- [COMMAND_EXECUTION]: Utilizes `curl` through a terminal tool to download assets directly into the local `.github/prompts/` directory upon user request.
- [PROMPT_INJECTION]: Ingests external markdown content and local repository files for analysis. The process lacks explicit delimiters or sanitization for the ingested data, presenting a surface for potential indirect prompt injection from the remote source or local files.
- [DATA_EXFILTRATION]: Accesses chat history and repository metadata to provide relevant suggestions. Analysis shows that network requests are limited to the vendor's repository domains, with no evidence of sensitive data being transmitted to unauthorized endpoints.
Audit Metadata