ask-copilot

Fail

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute the copilot CLI with the --allow-all-tools flag. This flag is explicitly designed to auto-approve and execute any tools or commands suggested by the underlying LLM, bypassing human-in-the-loop safety checks and confirmation prompts.
  • [COMMAND_EXECUTION]: The combination of prompt mode (-p) and auto-approval (--allow-all-tools) allows for non-interactive, arbitrary command execution. If the agent passes untrusted data into the prompt parameter, it could result in unauthorized file access, system modifications, or data exfiltration.
  • [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection by accepting arbitrary strings in the -p (prompt) argument, which are then processed by a secondary agent with elevated execution privileges.
  • Ingestion points: The prompt parameter (-p) in the copilot command used across multiple examples in SKILL.md.
  • Boundary markers: No delimiters or defensive instructions are provided to separate user-supplied content from agent instructions within the command string.
  • Capability inventory: The copilot CLI has the capability to execute shell commands, perform file system operations, and interact with the local development environment.
  • Sanitization: No sanitization or validation logic is present to filter malicious instructions within the prompt string before it is passed to the CLI.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 26, 2026, 11:36 PM