mcp-configure
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using the Azure CLI (
az) to authenticate the user and retrieve access tokens required for environment discovery. - [EXTERNAL_DOWNLOADS]: Fetches environment metadata from the official Microsoft Power Apps API (
api.powerapps.com). This is a well-known service and the communication is used to populate configuration settings. - [COMMAND_EXECUTION]: Performs filesystem operations including directory creation (
mkdir -p) and writing JSON configuration data to local paths like~/.copilot/mcp-config.jsonor project-specific.mcp/directories. - [PROMPT_INJECTION]: The skill processes data from external APIs and local configuration files which could serve as a surface for indirect prompt injection, although the risk is minimized by the use of trusted sources.
- Ingestion points: Environment lists from
api.powerapps.com(Step 2a) and existing MCP configurations from the local filesystem (Step 1). - Boundary markers: None identified between external data and agent instructions.
- Capability inventory: Shell command execution via
azand filesystem write access. - Sanitization: The skill filters JSON properties but does not explicitly sanitize strings against adversarial instructions.
Audit Metadata