mcp-configure
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE COMMAND_EXECUTION EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several Azure CLI commands including `az account show`, `az login`, and `az account get-access-token`. These are used to authenticate the user and retrieve a bearer token for the Power Apps API.
- [COMMAND_EXECUTION]: Uses `mkdir -p` to create the `.mcp/copilot` directory structure for project-scoped configurations.
- [EXTERNAL_DOWNLOADS]: Fetches environment configuration and metadata from the Microsoft Power Apps API (`api.powerapps.com`). These requests are authenticated using the token retrieved via the Azure CLI.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting untrusted data from an external API (environment display names and instance URLs) and incorporating it into local configuration files. While the skill specifies JSON formatting and basic string manipulation (stripping trailing slashes), it lacks explicit boundary markers or strict validation for the ingested external content.
  - Ingestion points: API response from `https://api.powerapps.com/providers/Microsoft.PowerApps/environments` in Step 2a.
  - Boundary markers: Absent in Step 6 when writing to the configuration file.
  - Capability inventory: File-write access to `~/.copilot/mcp-config.json` and `.mcp/copilot/mcp.json`; execution of `az` and `mkdir` commands.
  - Sanitization: Limited to stripping trailing slashes and extracting subdomains for server naming; uses standard JSON formatting for output.
- [SAFE]: The modification of `~/.copilot/mcp-config.json` is the intended primary purpose of the skill for configuring the GitHub Copilot MCP extension.
Audit Metadata