build-copilot-sdk-app
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The documentation describes a configuration option (systemMessage.mode: 'replace') that allows developers to replace the agent's entire system prompt, which is noted to bypass default SDK guardrails. This is a standard architectural feature of the SDK for developer control and is not presented as a malicious instruction.
- [COMMAND_EXECUTION]: The skill provides examples of using tools to execute shell commands and manage files. It includes defensive programming examples, such as implementing hooks to detect and block destructive commands like 'rm -rf'.
- [REMOTE_CODE_EXECUTION]: The references explain how to configure local and remote Model Context Protocol (MCP) servers and CLI extensions (.mjs). These features allow the agent to execute code to extend its functionality, which is the core intended purpose of the described SDK.
- [EXTERNAL_DOWNLOADS]: The documentation references standard package installations from the official GitHub organization and other well-known services (OpenAI, Anthropic, Azure). All external references target trusted development ecosystems.
Audit Metadata