copilot-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's MCP Servers section (SKILL.md) shows connecting to external MCP endpoints (e.g., "https://api.githubcopilot.com/mcp/") to surface GitHub repositories, issues, and PRs, and the Tools & Hooks docs (the lookup_issue example and "How Tool Invocation Works") explicitly describe fetching and returning issue content (including comments) that the agent incorporates into its responses, meaning untrusted, user-generated third‑party content is read and can materially influence agent behavior.