azure-hosted-copilot-sdk
Warn
Audited by Snyk on Mar 19, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly instructs the agent to fetch and read public GitHub content (e.g., references/copilot-sdk.md directs it to use context7-resolve-library-id / context7-query-docs and to fall back to github-mcp-server-get_file_contents on public repos such as "github/copilot-sdk" and "azure-samples/copilot-sdk-service"). As a result, the agent ingests untrusted, user-controlled third-party content that can influence subsequent code-selection and deployment actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent to call runtime MCP tools (e.g., context7 queries and the fallback github-mcp-server-get_file_contents) to read files from the GitHub repo https://github.com/github/copilot-sdk and then "select the most relevant snippets" to use in the user's scenario, meaning fetched remote content is pulled at runtime and can be injected into the model context to control prompts.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).