copilot-sdk
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install official GitHub SDK packages from standard registries (NPM, PyPI, NuGet, and Go modules). All packages and repositories are owned by the verified vendor (GitHub).
- [COMMAND_EXECUTION]: Provides standard commands for initializing projects and running developer scripts (e.g., npm install, dotnet run, npx tsx). These are typical for developer-focused documentation and do not involve suspicious privilege escalation.
- [DATA_EXFILTRATION]: No evidence of unauthorized data transmission. The skill references official GitHub API endpoints (e.g., api.githubcopilot.com/mcp/) for its Model Context Protocol integration, which is the intended behavior of the SDK.
- [SAFE]: Code examples demonstrate standard security practices for SDK usage, such as managing session lifecycles, using typed parameters for tools, and implementing graceful shutdowns.
Audit Metadata