copilot-cli-agent

Pass

Audited by Gen Agent Trust Hub on May 24, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to invoke the copilot CLI. It builds command lines dynamically to pipe input files and instructions. Instructions in SKILL.md and references/fallback-tree.md mandate environment verification via smoke tests and discourage the use of high-privilege flags like --allow-all-tools.
  • [PROMPT_INJECTION]: The skill processes untrusted data (file content) by piping it to an LLM sub-agent, creating an indirect injection surface.
  • Ingestion points: cat <INPUT> | copilot ... in SKILL.md.
  • Boundary markers: Commands are prefixed with isolation instructions ("Do NOT use tools. Do NOT search filesystem.") to mitigate injection risks.
  • Capability inventory: The skill utilizes Bash, Read, and Write capabilities across its scripts.
  • Sanitization: Input content is piped directly without transformation; security relies on the sub-agent's prompt constraints.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 24, 2026, 08:27 AM
Security Audit — agent-trust-hub — copilot-cli-agent