Skills
skills/github/awesome-copilot/copilot-sdk/Snyk

copilot-sdk

Warn

Audited by Snyk on Apr 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly documents MCP Server integration (see "MCP Server Integration" in SKILL.md) and shows connecting to GitHub's MCP server for repository, issue, and PR access, which ingests user-generated/public content that the agent can read and act on.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 15, 2026, 03:07 PM
Issues
1