azure-hosted-copilot-sdk

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • External Resource Acquisition: The skill scaffolds project templates from a public repository and suggests using an NPM-based MCP server for documentation. While these resources originate from established and well-known entities, downloading code and configuration from external registries is a pattern that usually involves verifying the source integrity.\n- Credential Management: The skill provides detailed guidance and specific scripts for managing authentication tokens for GitHub and Azure. This includes retrieving tokens via CLI tools and storing them in environment variables for the deployment process. While these are standard practices for developers, they involve the handling of sensitive authorization data.\n- Command Execution and Environment Interaction: To perform its tasks, the skill executes various CLI commands (such as azd, docker, and gh) and reads local project files (like package.json). These operations are necessary for environment verification, infrastructure setup, and automated routing based on the codebase's content.\n- Dynamic Ingestion Surface: The skill reads and processes information from the user's workspace and external repositories to adapt its deployment logic. This capability allows it to provide context-aware assistance, though it technically creates a surface for processing external content.
Audit Metadata
Risk Level
SAFE
Analyzed
May 8, 2026, 08:05 AM
Security Audit — agent-trust-hub — azure-hosted-copilot-sdk