ogt-cli-copilot

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): (Category 8) The skill has a high vulnerability to Indirect Prompt Injection. It processes untrusted data from the local filesystem (repository files, structure, and git history) to generate code suggestions. There are no boundary markers or sanitization steps mentioned. Malicious instructions embedded in a repository could manipulate the agent into generating vulnerable code or performing unauthorized actions.
  • [COMMAND_EXECUTION] (MEDIUM): The documentation references a bundled script scripts/run-copilot-task.cjs for non-interactive execution. As this file is missing from the skill payload, its implementation of command assembly and output handling cannot be verified for shell injection vulnerabilities or unsafe execution patterns.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill installs the GitHub CLI (gh) via system package managers. Per [TRUST-SCOPE-RULE], GitHub is a trusted source, so the installation of the prerequisite tool is considered low risk.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 07:20 AM