github-copilot-sdk
Fail
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: CRITICAL
EXTERNAL_DOWNLOADS
COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references and installs official packages from trusted repositories and registries.
- Packages include @github/copilot-sdk (NPM), github-copilot-sdk (PyPI), and GitHub.Copilot.SDK (NuGet), which are maintained by GitHub.
- Documentation links point to official github.com/github repositories.
- [COMMAND_EXECUTION]: The documentation describes SDK capabilities that include file system operations, Git commands, and web requests.
- These features are part of the SDK's intended "agentic" functionality, allowing developers to create agents that interact with their local environment and the web.
- The SDK operates in an optional --allow-all mode which grants these permissions to the underlying agent runtime.
- [PROMPT_INJECTION]: The skill outlines how to configure system messages and custom agent personas.
- There are no patterns suggesting attempts to bypass safety filters or override the host agent's instructions; the usage is strictly for defining the behavior of the application being built with the SDK.
- [INDIRECT_PROMPT_INJECTION]: As a development kit for AI agents, the SDK documentation describes a surface where untrusted data (from web requests or files) may be processed by an LLM.
- Ingestion points: External data returned by tools or retrieved from the file system.
- Capability inventory: The SDK provides access to file systems and network operations by default.
- This surface is inherent to the primary purpose of building agentic applications and is documented for legitimate development use.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata