copilot-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly demonstrates MCP Server Integration that connects the agent to a GitHub MCP server (e.g., "https://api.githubcopilot.com/mcp/") to access repository data, issues, and PRs—public, user-generated content the agent is expected to read and incorporate into its workflow, which could carry arbitrary instructions and influence tool use.