copilot-sdk
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill identifies official GitHub Copilot SDK packages for installation from standard registries (npm, pip, go, dotnet). These are well-known and legitimate packages for the ecosystem described.
- [COMMAND_EXECUTION] (SAFE): The documentation explains the use of the 'execute' tool alias for running shell commands. This is presented as a developer feature for building agentic workflows and is not used maliciously within the skill itself. Note that 'execute' is nonetheless a shell-execution capability: any agent built on the skill inherits it, so it should be permission-gated in the deployed agent rather than assumed safe because the skill text is benign.
- [DATA_EXPOSURE] (SAFE): The skill references local configuration paths for the Copilot CLI (~/.copilot/) for setup purposes. No hardcoded credentials, API keys, or exfiltration patterns were found.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The documentation describes tool-use patterns that ingest external data, which is a known surface for indirect prompt injection.
  - Ingestion points: custom tools such as 'lookup_issue' and the MCP server integrations (references/working-examples.md, references/cli-agents-mcp.md).
  - Boundary markers: not defined in the documentation snippets; separating tool output from instructions is left to the developer implementing each tool.
  - Capability inventory: core support for shell execution ('execute') and file-system operations ('read', 'edit'), which is what an injected instruction would be able to reach.
  - Sanitization: the documentation prescribes no sanitization logic for user-implemented tools; any filtering of tool output before it reaches the model is the developer's responsibility.
Audit Metadata