Github Copilot Cli
Security checks across malware telemetry and agentic risk
Overview
This skill appears to be a coherent guide for using GitHub Copilot CLI, with no evidence of hidden persistence, exfiltration, or destructive behavior.
Install only if you intend to use GitHub Copilot CLI. Be aware that any commands you run through GitHub CLI may use your existing GitHub authentication and can contact GitHub services, but the skill itself does not show hidden or disproportionate behavior.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.