Is GitHub Copilot Chat safe?

Findings

Uses Third Party AI Model

Flags items that process data using third-party AI models. AI models can be used to process data in a way that may not be transparent to the user. This can lead to organization policy violation, data leakage, privacy concerns and potential misuse of data.

low

Filesystem Write Access

Flags items that create, modify, or delete files in the filesystem.

low

Filesystem Read Access

Flags items that access and read files from the filesystem.

low

All findings are available for Enterprise users

Code analysis

AI-powered analysis of the extension's source code for security insights and risk assessment.

Purpose and Intention:

This code is for the GitHub Copilot Chat VSCode extension. Its purpose is to provide AI-powered chat features in VSCode, leveraging Copilot's AI models to assist with code, answer questions, and provide code-related suggestions and explanations. The extension integrates with VSCode's chat, interactive, and command APIs, and provides a wide range of commands, menus, and configuration options for users.

API Calls and Integration:

The extension integrates deeply with VSCode's extension API, using activation events, chat providers, commands, menus, and configuration schemas.
It registers many commands (e.g., sign in, explain, review, fix, generate docs/tests, feedback, etc.) and chat participants for different contexts (editor, terminal, workspace, etc.).
It uses VSCode's localization and telemetry APIs for internationalization and usage analytics.

Network Activity:

The extension description and code reference the use of AI models and Copilot services, which implies network communication with GitHub Copilot servers to process user prompts and return AI-generated responses.
There are fetch calls for loading files over HTTP/HTTPS, specifically for things like model/tokenizer files (e.g., fetch(t.toString(), ...) in the tokenizer logic), but these are for model support and not for arbitrary data exfiltration.
No evidence of arbitrary or hidden network requests to unknown endpoints; all network activity appears to be related to Copilot's intended functionality.

Filesystem Activity:

The extension reads and writes files for configuration, logs, and model support (e.g., reading tokenizer files, writing logs for Application Insights telemetry, etc.).
Uses standard Node.js fs and fs/promises modules for file operations, but all usage is consistent with extension operation (e.g., reading config, storing logs, handling model files).

Process Execution:

There are some scripts in the scripts section (e.g., for setup, postinstall, patching, etc.), but these are standard for VSCode extensions and are not executed at runtime by the extension itself.
No evidence of arbitrary or hidden process execution from within the extension runtime.

Obfuscation Techniques:

The code is minified and bundled, but not obfuscated. Variable names are shortened and whitespace is removed, but there is no evidence of string encryption, control flow flattening, or other obfuscation techniques.

Potential Backdoors, Data Exfiltration, or Code Execution:

No evidence of backdoors, hidden code execution, or data exfiltration. All network and file operations are consistent with the extension's purpose and are not hidden or disguised.
The extension does not appear to execute arbitrary code or shell commands from user input.

Summary:

The extension is a large, complex, but standard VSCode extension for integrating GitHub Copilot Chat features. It interacts with VSCode APIs, Copilot servers, and local files as expected for its purpose. No strong indicators of malicious activity or intent were found.

API Calls

API calls detected through static analysis of the source code. For more accurate insights, explore our sandbox dynamic analysis.

critical

process.exit

nodejs

/extension/dist/extension.js

low

process.version

nodejs

/extension/dist/extension.js

low

process.stderr

nodejs

/extension/dist/extension.js

All API calls are available for Enterprise users

Secrets

Any encoded/decoded secrets we managed to find in the source code, git repository, or related files

Github

/extension/ThirdPartyNotices.txt

Unverified

All secrets are available for Enterprise users

Vulnerabilities

Known vulnerabilities and security issues detected in the extension's dependencies and code.

high

Enterprise Only

medium

Enterprise Only

low

Enterprise Only

VULNERABILITIES ARE AVAILABLE FOR ENTERPRISE USERS

External communication

Any identifiers we detected that may indicate external communication from the item's code

https://openaipublic.blob.core.windows.net/encod

extension/dist/extension.js

https://github.com/adobe/helix-fetch#readme

extension/dist/extension.js

https://github.com/microsoft/vscode-copilot-release

extension/dist/extension.js

All external communications are available for Enterprise users

Dependencies

Dependencies and third-party libraries used by the extension, including version information and license details.

high

Enterprise Only

medium

Enterprise Only

low

Enterprise Only

DEPENDENCIES ARE AVAILABLE FOR ENTERPRISE USERS

Licenses & Compliance

Compliance

Compliance status and certifications for the extension and its publisher

GitHub

GitHub has stated that it processes Personal Data in compliance with the GDPR, ensuring a lawful basis for each processing activity. Therefore, it is compliant with GDPR regulations. Additionally, Microsoft, as the parent company of GitHub, has confirmed its commitment to GDPR compliance across its cloud services, providing GDPR related assurances in its contractual commitments.

Compliant

Licenses

"GITHUB LICENSE TERMS FOR EXTENSIONS\n\n© GitHub, Inc. (“GitHub”). All rights reserved. \n\nThese license terms are an agreement between you and GitHub. They apply to the extensions (“Extensions”) pub...