copilot-sdk
Audited by Socket on Feb 28, 2026
1 alert found:
Malware: The document describes a legitimate-looking Copilot SDK with powerful extensibility, but it contains multiple supply-chain and data-exposure risks inherent to its features: runtime package execution via npx, the ability to load arbitrary local skills, wildcard tool exposure, and forwarding of tokens/keys to user-specified HTTP endpoints. There is no direct evidence of embedded malware or obfuscated malicious code in this README. However, misconfiguration or loading untrusted MCP servers/skills could lead to credential leakage or arbitrary code execution. Treat usage as medium-risk: enforce strict vetting of MCP endpoints, avoid running npx installs from untrusted packages, restrict tools (avoid "*"), and only load trusted skill directories.