awesome-copilot-sync
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script `check_drift.py` executes the `gh` (GitHub CLI) command using `subprocess.run`. This is used to query the GitHub API for commit information from a hardcoded repository (`github/awesome-copilot`). The command construction uses a list of arguments, which is a safe practice against shell injection.
- [EXTERNAL_DOWNLOADS]: The skill queries the GitHub API to fetch commit metadata. This is a read-only operation targeting a well-known service (GitHub) for the purpose of checking software updates.
- [DATA_EXFILTRATION]: The script reads and writes a state file at `~/.amplihack/awesome-copilot-sync-state.json`. This file only contains timestamps and commit SHAs related to the monitored repository. No sensitive system data or credentials are accessed or transmitted.
Audit Metadata