copilot-sdk
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides installation commands for package managers (npm, pip, go, dotnet) that target official GitHub SDK packages. These references are directed toward a well-known service and are considered safe practice for developer documentation.
- [SAFE]: Technical documentation and code snippets were reviewed for malicious patterns. The code examples demonstrate standard API usage for the Copilot SDK, including session lifecycle management and event listener registration. No obfuscation, unauthorized network operations, or sensitive data access patterns were found.
- [DATA_EXFILTRATION]: While the skill mentions configuration paths like
~/.copilot/config.json, it does so purely for informational purposes in the context of CLI setup. There are no instructions or scripts designed to access or transmit these files to external locations.
Audit Metadata