github-copilot-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly configures MCP servers that fetch public, user-generated content (e.g., the "GitHub Integration" and "Brave Search" entries under "MCP Server Integration" and examples like "Search GitHub for recent issues") which the Copilot CLI is instructed to read and act on, allowing external webpages/issues/search results to influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The MCP configuration runs npx to fetch and execute remote MCP server packages at runtime (e.g., "npx -y @modelcontextprotocol/server-github"), which downloads and executes third‑party code that can supply model context and thus directly control prompts/execute code.