copilot-sdk

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill guides the installation of official SDK packages from trusted registries (e.g., NPM, PyPI) and references documentation on official GitHub domains. These references are to well-known and trusted services.
  • [COMMAND_EXECUTION]: The SDK architecture involves the automatic spawning and management of a local CLI process in server mode to provide agentic functionality.
  • [DATA_EXFILTRATION]: The skill describes agent capabilities to access filesystem content through attachments and provides for local state persistence in ~/.copilot/session-state/. These features are integral to the SDK's operation.
  • [PROMPT_INJECTION]: The configuration allows a replace mode for system messages, which permits developers to override default instructions and guardrails. It also presents an indirect prompt injection surface, since it ingests untrusted data (user prompts, file attachments in SKILL.md) and possesses significant capabilities (CLI execution, network requests in references/authentication.md), while its documentation lacks explicit boundary markers and only illustrates sanitization via a placeholder in code comments.
  • [SAFE]: No malicious obfuscation, hidden URLs, or unauthorized data collection patterns were detected. The skill's behavior is consistent with its stated purpose as a development kit for GitHub Copilot services.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 15, 2026, 11:43 AM