copilot-coding-agent
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE] (LOW): The skill documentation instructs users to create a Personal Access Token (PAT) and set it as a repository secret (
COPILOT_ASSIGN_TOKEN). While the guide uses best practices by recommendinggh secret set, manual handling of tokens by users always carries a minor risk of exposure if not handled correctly. - [COMMAND_EXECUTION] (LOW): The skill executes local setup and automation scripts (
scripts/copilot-setup-workflow.sh,scripts/copilot-assign-issue.sh). These scripts are local to the skill repository and perform routine automation (GitHub Actions setup, GraphQL API calls). - [EXTERNAL_DOWNLOADS] (SAFE): The skill references standard GitHub documentation and tools (gh CLI, planno). References to GitHub's own infrastructure (docs.github.com) are considered trusted sources.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted data from GitHub Issue bodies into the Copilot Coding Agent context.
- Ingestion points: Issue descriptions and comments (
gh issue create --body). - Boundary markers: None explicitly defined in the prompts shown.
- Capability inventory: File write and PR creation via Copilot Agent.
- Sanitization: Relies on GitHub's internal safety filters for Copilot.
Audit Metadata