Skills
skills/microsoft/github-copilot-for-azure/file-test-bug/Gen Agent Trust Hub

file-test-bug

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • DATA_EXFILTRATION (HIGH): The skill is explicitly designed to read local files (agent-metadata.md and test source code) and transmit their "complete, unmodified contents" to an external GitHub repository (microsoft/github-copilot-for-azure).
  • Evidence: Steps 4, 5, and 7 explicitly detail reading local file paths and using the github-mcp-server-create_issue tool to post that data externally.
  • Risk: Integration test logs and metadata often contain sensitive environment variables, internal system paths, or PII that should not be posted to a public or team-wide repository without sanitization.
  • PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted data from local files and uses it to drive external API actions.
  • Ingestion Points: tests/reports/junit.xml, agent-metadata.md, and local test source files.
  • Capability Inventory: Ability to create GitHub issues via github-mcp-server-create_issue.
  • Sanitization: Explicitly absent. The skill instructs the agent to include "complete, unmodified contents" and "Do NOT summarize or truncate."
  • Boundary Markers: Absent. There are no delimiters or instructions to the agent to ignore embedded commands within the files it reads.
  • Attack Scenario: A malicious or compromised test run could generate a junit.xml or agent-metadata.md containing instructions that the agent would follow while preparing the issue, such as targeting a different repository or modifying the issue body to include other sensitive files (e.g., ~/.ssh/id_rsa).
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 10:57 AM