copilot-cli-agent

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes the GitHub Copilot CLI via the Bash tool. It follows a security-positive pattern by running the CLI under env -u so that sensitive environment variables (e.g., GITHUB_TOKEN, GH_TOKEN) are unset for that invocation only. This prevents an ambient token in the parent environment from taking precedence over the CLI's own stored login session, so the sub-agent cannot be silently authenticated as a different identity. Note that env -u only affects the child process; the tokens remain visible to the parent shell and to any other tool the agent runs.
  • [INDIRECT_PROMPT_INJECTION]: The skill's primary function is to pipe external file content into an LLM context, which presents an attack surface for indirect prompt injection. The skill mitigates this by using explicit boundary markers and instructions.
  • Ingestion points: Untrusted data enters the context via cat <INPUT> substitutions in the CLI command defined in SKILL.md.
  • Boundary markers: The skill uses ---SOURCE DOCUMENT--- and ---INSTRUCTION--- delimiters to separate data from instructions.
  • Capability inventory: The skill has access to Bash, Read, and Write tools to execute the CLI and manage findings.
  • Sanitization: No programmatic sanitization is applied to the input data; the skill relies on the sub-agent's persona and an explicit 'Do NOT use tools' instruction to maintain isolation. Practitioners should treat this as a soft boundary: a source document that itself contains the ---INSTRUCTION--- or ---SOURCE DOCUMENT--- strings can forge the delimiter, and natural-language instructions can still be overridden by sufficiently persuasive content. The residual risk is bounded by the fact that the sub-agent is told not to use tools, but that restriction is itself enforced only by the model.
  • [SAFE]: No malicious patterns such as obfuscation, hardcoded credentials, unauthorized persistence, or privilege escalation were detected. The interactions with the Copilot CLI are consistent with its intended purpose as a development and audit tool.
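As an added illustration of the two patterns the audit describes (the env -u token-stripping invocation and the delimiter-based wrapping of untrusted file content), the following POSIX shell script is an editorial example, not the skill's own SKILL.md command. The function names check_no_markers, build_prompt, run_without_tokens and audit_file are assumptions, the sample document is constructed, and the Copilot CLI is replaced by whatever command is passed in (a plain sh -c stand-in in the usage) so the script runs offline. It also adds the check the audit notes is missing: input that already contains a delimiter string is refused rather than wrapped.

```sh
#!/bin/sh
# Added example (not the audited skill's code). Wraps an untrusted file in
# the ---SOURCE DOCUMENT--- / ---INSTRUCTION--- delimiters, refuses input
# that could forge those delimiters, and runs the consuming command with the
# GitHub token variables removed from its environment only.

SRC_MARK='---SOURCE DOCUMENT---'
INS_MARK='---INSTRUCTION---'

# check_no_markers FILE
# Returns 0 when the file contains neither delimiter, 1 otherwise. A document
# carrying its own "---INSTRUCTION---" line could otherwise smuggle in a
# second instruction block that the model cannot distinguish from ours.
check_no_markers() {
    if grep -qF -e "$SRC_MARK" -e "$INS_MARK" "$1"; then
        return 1
    fi
    return 0
}

# build_prompt FILE INSTRUCTION
# Prints the wrapped prompt: delimiter, untrusted content, delimiter,
# trusted instruction. The data block comes first so the instruction is the
# last thing the model reads.
build_prompt() {
    printf '%s\n' "$SRC_MARK"
    cat "$1"
    printf '%s\n%s\n' "$INS_MARK" "$2"
}

# run_without_tokens CMD [ARGS...]
# Runs CMD with GITHUB_TOKEN and GH_TOKEN unset for that child process only;
# the parent shell keeps them.
run_without_tokens() {
    env -u GITHUB_TOKEN -u GH_TOKEN "$@"
}

# audit_file FILE INSTRUCTION CMD [ARGS...]
# Full flow: refuse delimiter-bearing input (exit 2), otherwise pipe the
# wrapped prompt into CMD with the token variables stripped. Replace CMD with
# the real CLI invocation in practice; here any stdin-reading command works.
audit_file() {
    af_file=$1
    af_instruction=$2
    shift 2
    if ! check_no_markers "$af_file"; then
        echo "refusing: input contains a prompt delimiter" >&2
        return 2
    fi
    build_prompt "$af_file" "$af_instruction" | run_without_tokens "$@"
}

# Usage (constructed sample document; the stand-in command just echoes the
# token state and then the prompt it received):
#   printf 'hello world\n' > sample.txt
#   export GH_TOKEN=secret GITHUB_TOKEN=secret
#   audit_file sample.txt 'Summarize the document.' \
#       sh -c 'echo "GH_TOKEN=${GH_TOKEN:-unset}"; cat'
```

The refusal is deliberately strict (an exact substring match on either delimiter) because the cost of a false positive is a skipped file, while the cost of a false negative is a forged instruction block. If exact markers are too brittle for your corpus, the alternative is to randomize the delimiter per run so an attacker cannot know it in advance.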
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 06:09 PM