copilot-cli

Warn

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the execution of the copilot CLI tool with broad administrative and filesystem permissions. Specifically, it encourages the use of flags such as --allow-all-tools, --allow-all-paths, and --yolo (as seen in SKILL.md and references/cli-command-reference.md), which grant the underlying model the ability to perform unconstrained actions on the host system.
  • [PROMPT_INJECTION]: The skill establishes a significant surface for Indirect Prompt Injection by forwarding untrusted data to a secondary AI model with high execution privileges.
    ◦ Ingestion points: Untrusted data enters the context via user-provided task descriptions and project file contents, as specified in the prompt template in SKILL.md.
    ◦ Boundary markers: The skill lacks effective boundary markers or safety instructions to prevent the delegated model from interpreting data within the 'Task' or 'Context' fields as direct commands.
    ◦ Capability inventory: The delegated copilot CLI possesses extensive capabilities, including shell command execution and filesystem access, particularly when combined with the suggested permission flags.
    ◦ Sanitization: No mechanisms are described for sanitizing or escaping external content before it is interpolated into the CLI command prompt.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 1, 2026, 07:09 AM