github-copilot-sdk

This manifest documents a legitimate Copilot SDK integration (not executable malware). However, the documentation promotes high-risk defaults: --allow-all tooling and auto_activate:true without clear permissioning, sandboxing, or secure auth guidance. These defaults create plausible paths for sensitive local data (files, repo contents, credentials) to be exfiltrated via tool handlers or misconfigured MCP endpoints. Recommend changing defaults to deny-by-default for potentially destructive tools, require explicit scope/consent for filesystem/git/network access, document secure auth flows and token handling for CLI/MCP connections, and ensure example endpoints are clearly marked as placeholders or validated official endpoints. Treat integrations as security-sensitive and apply host-level permission controls and input validation for all tool handlers.