NYC

github-copilot

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | COMMAND_EXECUTION | DATA_EXFILTRATION
Full Analysis
  • COMMAND_EXECUTION (LOW): The skill recommends using bash -c to execute curl commands. This pattern is intended to preserve environment variables but introduces a potential shell injection surface if the agent populates placeholders (like your-org-name or team-name) with unvalidated data from external sources.
  • DATA_EXFILTRATION (SAFE): Network requests are directed exclusively to api.github.com, which is a trusted domain for this context. The primary function of the skill is to transmit data to and from this API.
  • CREDENTIALS_UNSAFE (SAFE): Authentication is handled via the GITHUB_TOKEN environment variable, which is correctly declared as a secret in the skill's YAML frontmatter. Documentation examples use standard placeholders (ghp_xxxxxxxxxxxx).
  • INDIRECT_PROMPT_INJECTION (LOW): The skill processes data from GitHub API responses.
      • Ingestion points: JSON responses from GitHub (e.g., list of seat assignments, usage metrics).
      • Boundary markers: No explicit boundary markers or delimiters are used in the command templates for data interpolation.
      • Capability inventory: File writing to /tmp and execution of shell commands via bash -c.
      • Sanitization: No explicit sanitization or validation of API-returned data before it is used in subsequent CLI operations is defined within the skill itself.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:05 PM