create-github-action
Fail
Audited by Snyk on May 24, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The package contains an explicit agentic workflow generator that installs and runs an external Copilot CLI with --allow-tool read/write/shell, injects repository context into prompts and uses a COPILOT_GITHUB_TOKEN secret, which intentionally enables remote model access with file read/write and shell capabilities — a direct vector for remote code execution and data exfiltration.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The generated CI/CD agent workflow installs and runs the GitHub Copilot CLI at runtime via "npm i -g @github/copilot" and then invokes it with a prompt assembled from .github/agents/{name}.agent.md, meaning remote code (the npm package) is fetched during execution and is used to run/act on the agent prompt (command: npm i -g @github/copilot).
Issues (2)
E006
CRITICAL: Malicious code pattern detected in skill scripts.
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata