brag-sheet

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes git and gh (GitHub CLI) to retrieve the user's recent activity, such as commit history and pull request titles. It also uses standard filesystem commands to check for the existence of local Copilot session logs.
  • [EXTERNAL_DOWNLOADS]: The documentation references the microsoft/copilot-brag-sheet repository on GitHub as an optional resource for background tracking.
  • [PROMPT_INJECTION]: The skill processes untrusted data from git logs and PR titles, which presents an indirect prompt injection surface. The skill manages this risk by requiring users to review and confirm all drafted entries. Evidence: Ingestion points (git logs, GitHub PR titles, workspace.yaml), Capability inventory (git, gh, ls), Boundary markers (absent), Sanitization (absent).
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 08:06 AM