azure-hosted-copilot-sdk
Warn
Audited by Snyk on May 8, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and read public GitHub repositories (e.g., using github-mcp-server-get_file_contents for owner:"github" repo:"copilot-sdk" and owner:"azure-samples" repo:"copilot-sdk-service", and optionally context7 queries) and then to select and apply snippets from those docs as part of scaffolding/deployment and configuration, so untrusted third-party content could directly influence actions and tool use.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). This skill explicitly uses a runtime tool call to fetch raw repo files (github-mcp-server-get_file_contents) from https://github.com/github/copilot-sdk (and suggests installing context7 via npx) to read documentation/code examples that are injected into the agent context and can directly control prompts, so it is a runtime dependency that can influence agent behavior.
Issues (2)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).