github-copilot-sessions

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a bundled Python script (search_copilot_sessions.py) to search local session logs.
  • Evidence: python3 <skill-dir>/scripts/search_copilot_sessions.py [--project PATH] [--days N] [--limit N] [--no-db] KEYWORD...
  • Accesses local directories: ~/.copilot/session-store.db and ~/.copilot/session-state/.
  • These paths are standard locations for GitHub Copilot CLI session data.
  • [DATA_ACCESS]: The skill specifically targets user-owned Copilot session logs to provide recall capabilities.
  • It implements a 'read-minimized' approach by using grep and sed via subagents to only extract relevant lines from potentially large (tens of MB) log files.
  • The data remains local to the agent's execution environment unless the agent includes the summary in its response to the user, which is the primary intended purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 08:38 PM
Security Audit — agent-trust-hub — github-copilot-sessions