sync-copilot-workflows
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute a local Node.js script located at .claude/scripts/sync-copilot-workflows.cjs. This execution is required for the intended purpose of synchronizing workflow configurations across the repository.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection vulnerability surface. 1. Ingestion points: The skill reads workflow definitions and keyword matching logic from .claude/workflows.json. 2. Boundary markers: The skill documents the use of markers in the target file to delimit the injected content. 3. Capability inventory: The skill has the capability to modify .github/copilot-instructions.md, which directly influences the behavior and instructions of the GitHub Copilot agent. 4. Sanitization: There is no documented validation or sanitization of the JSON content before it is injected into the instruction file, which could allow malicious instructions in the source file to persist in the agent's instructions.
Audit Metadata