Vulnerabilities in the GitHub Copilot CLI expose users to the risk of arbitrary shell command execution via indirect prompt injection without any user approval. We demonstrate that malware can be downloaded from external servers and executed with no user interaction beyond the initial query to the Copilot CLI.