Trust Assessment
copilot-sdk received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 3 high, 0 medium, and 0 low severity. Key findings include Skill recommends overly permissive permission handling, Skill recommends overly permissive permission handling (example), Skill mentions bypassing permissions for custom tools.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on June 1, 2026 (commit 9b0e00ad). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Skill recommends overly permissive permission handling The skill documentation explicitly recommends using `approveAll` as a permission handler for Copilot SDK sessions and mentions `skipPermission` for custom tools. This practice grants broad, automatic approval to all permission requests made by the Copilot SDK, potentially allowing the underlying AI agent to perform sensitive operations (e.g., file system access, network requests, or tool execution) without explicit user consent or review. This significantly increases the attack surface if the agent or its tools are compromised or misused. Advise against using `approveAll` or `skipPermission` in production or sensitive contexts. Instead, recommend implementing a granular permission handler that requires explicit user confirmation for sensitive actions or uses a strict allow-list based on the specific needs of the application. If `approveAll` is used for development, clearly state this limitation and provide guidance for secure production deployment. | LLM | SKILL.md:59 | |
| HIGH | Skill recommends overly permissive permission handling (example) The TypeScript example provided in the skill documentation explicitly uses `onPermissionRequest: approveAll`. This reinforces the recommendation to use an overly permissive permission handler, which can lead to the Copilot SDK performing sensitive actions without explicit user consent. This significantly increases the attack surface if the agent or its tools are compromised or misused. Modify the example to use a more secure, granular permission handling mechanism, or add a prominent warning that `approveAll` should not be used in production environments. Provide an alternative example that demonstrates how to implement a permission handler that requires explicit user confirmation for sensitive actions. | LLM | SKILL.md:120 | |
| HIGH | Skill mentions bypassing permissions for custom tools The skill documentation states that 'Custom tools can also opt into `skipPermission`'. Allowing custom tools to bypass the permission system (`skipPermission`) is a significant security risk. If an agent is instructed to create or use custom tools with this option, it could lead to arbitrary code execution, unauthorized data access, or other malicious activities without any permission checks. Strongly advise against using `skipPermission` for custom tools, especially in production environments. If it's a necessary feature for specific use cases, add clear warnings about the security implications and provide guidance on how to mitigate risks, such as strict sandboxing or code review for such tools. | LLM | SKILL.md:165 |
Scan History
Embed Code
[](https://skillshield.io/report/9b6c2d8a43f90bf9)
Powered by SkillShield