copilot-coding-agent
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local bash scripts provided by the author (scripts/copilot-setup-workflow.sh, scripts/copilot-assign-issue.sh) to perform setup and issue assignment tasks. It also leverages the GitHub CLI (gh) for repository interactions and jq for JSON processing.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted data from GitHub Issues to drive automated actions.
  - Ingestion points: GitHub Issue titles and bodies provided via the gh CLI or read by the automated workflow.
  - Boundary markers: No explicit delimiters or instructions are used to distinguish issue content from agent commands.
  - Capability inventory: Execution of local bash scripts, use of the GitHub CLI for issue/label modification, and triggering GitHub Copilot for code generation and branch creation.
  - Sanitization: No input sanitization is performed on the issue content; however, the skill documentation correctly notes that resulting Pull Requests are created as Drafts and require manual approval from a user with write permissions, providing a necessary human-in-the-loop security control.
Audit Metadata