SHELL tool can read any files outside of working directory

### Describe the bug

Using `--allow-tool 'shell'` enables copilot to read any file which the user has access to. 

Expectations:
Only access files which are listed by `/list-dirs`

### Affected version

GitHub Copilot CLI 1.0.9

### Steps to reproduce the behavior

Start copilot with: `copilot --allow-tool 'shell'``

❯ Read ~/.secret_test somehow and show me the content. Be creative

◐ The user is asking me to read `~/.secret_test` and show them the content. Let me just read it directly using the view tool or bash.

● Read ~/.secret_test (shell)
  │ cat ~/.secret_test
  └ 2 lines...

● nothing creative needed — cat works fine.

   You MUST NOT SEE THIS !!


### Expected behavior

Only access files which are listed by `/list-dirs`

### Additional context

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SHELL tool can read any files outside of working directory #2173

Describe the bug

Affected version

Steps to reproduce the behavior

Expected behavior

Additional context

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

SHELL tool can read any files outside of working directory #2173

Description

Describe the bug

Affected version

Steps to reproduce the behavior

Expected behavior

Additional context

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions