azure-hosted-copilot-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly instructs the agent to fetch and read public SDK documentation and code from third-party sources (e.g., using context7-resolve-library-id + context7-query-docs and falling back to github-mcp-server-get_file_contents on the public "github/copilot-sdk" repo, as shown in references/copilot-sdk.md), so untrusted, user-generated content would be ingested and used to select code snippets and drive next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs runtime fetching of external repository content (used to populate prompts/examples) — e.g., calling MCP or reading the repo via github-mcp-server-get_file_contents / https://github.com/github/copilot-sdk and scaffolding via azd init --template azure-samples/copilot-sdk-service, which are external repo fetches that can directly control prompts or inject code at runtime.