vardoger-analyze

Warn

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install and execute a third-party CLI tool vardoger from an unverified source (GitHub repository dstrupl/vardoger) using pipx or uvx.
  • [DATA_EXFILTRATION]: The skill accesses highly sensitive local data at ~/.copilot/session-state/, which contains the user's private GitHub Copilot CLI conversation history. This data is processed and summarized by the AI agent.
  • [COMMAND_EXECUTION]: The skill explicitly directs the user to grant the agent write access beyond the sandbox environment to allow the vardoger tool to modify files in the home directory (~/.copilot/copilot-instructions.md and ~/.vardoger/state.json).
  • [COMMAND_EXECUTION]: Executes the vardoger CLI tool multiple times to prepare, batch, summarize, and write data to the user's filesystem.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 28, 2026, 05:55 PM