Feature Request / Bug Report: GitHub Copilot Generated Dangerous PowerShell Script Caused Complete Data Loss on Entire E: Drive #192684
Replies: 1 comment
💬 Your Product Feedback Has Been Submitted 🎉 Thank you for taking the time to share your insights with us! Your feedback is invaluable as we build a better GitHub experience for all our users. Here's what you can expect moving forward ⏩
Where to look to see what's shipping 👀
What you can do in the meantime 💻
As a member of the GitHub community, your participation is essential. While we can't promise that every suggestion will be implemented, we want to emphasize that your feedback is instrumental in guiding our decisions and priorities. Thank you once again for your contribution to making GitHub even better! We're grateful for your ongoing support and collaboration in shaping the future of our platform. ⭐
🏷️ Discussion Type
Bug
💬 Feature/Topic Area
Copilot in GitHub
Body
To: GitHub Copilot Support & Engineering Team
Subject: Critical Safety Issue: AI-generated script with \?\ long path bug caused unintended recursive deletion of the entire E: drive
I am a paid GitHub Copilot user. During a normal development session, I asked Copilot to help clean up the bin and obj build directories of my .NET backend project.
Instead, Copilot automatically generated a dangerous PowerShell command that contained a critical Windows path-parsing bug. When executed, this script erased my entire E: drive (all personal and project data), not just the target folders.
This is a severe safety failure in Copilot’s code generation logic for Windows system commands.
```powershell
$binPath = '\?\e:\product\晖通OS系列\src\系统管理\backend\bin';
$objPath = '\?\e:\product\晖通OS系列\src\系统管理\backend\obj';
cmd /c "rd /s /q "$binPath"";
cmd /c "rd /s /q "$objPath"";
```
Critical Defects in This AI-Generated Code:
- Unsafe use of \?\ long path prefix with cmd /c rd (Windows CMD does not properly support this prefix with Chinese/whitespace paths)
- Broken quoting logic that causes path truncation
- No safety checks to prevent deletion of drive roots
Actual Destructive Behavior
Due to the \?\ prefix + path parsing failure in CMD, the command was misinterpreted as:
```cmd
rd /s /q \?\e:
```
This recursively deletes the entire E: drive without any confirmation.
I only wanted Copilot to:
- Clean the local project bin and obj folders
- Fix build path issues for my .NET project
- Stay within the project directory:
  e:\product\晖通OS系列\src\系统管理\backend\
My workflow was standard development cleanup:
- I was building a .NET backend project
- I asked Copilot to fix build path issues and clean cache directories
- Copilot ran multiple safe cleanup commands correctly
- In the final step, Copilot switched to the \?\ long path syntax and created the destructive script
- I immediately noticed directory deletion outside the project and terminated the process
- Damage was already done: entire E: drive data loss
- Complete data loss on the entire E: drive
- Lost personal files, development projects, source code, and documents
- Significant time cost for data recovery
- Severe impact on my work progress
To prevent this from happening to other users, I demand GitHub Copilot implement critical safety guardrails:
- Block dangerous combinations
  - Prohibit AI generation of \?\ + cmd /c rd /s /q + long/Chinese paths
- Mandatory safety checks for delete commands
  - Never allow scripts that could accidentally target drive roots (e.g., e:, d:)
- High-risk alert system
  - Show a prominent warning before executing recursive deletion commands
- Path validation logic
  - Verify generated paths before execution
  - Prevent path truncation bugs
- Better Windows long-path support
  - Use native PowerShell Remove-Item instead of risky cmd /c rd commands
This is a critical safety vulnerability in GitHub Copilot’s code generation. It directly caused irreversible data loss for a paying user.
I request:
- Immediate investigation of this bug
- Safety patches to prevent similar incidents
- Support for data recovery and incident follow-up
Thank you for your urgent attention.
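
The guardrails requested in the post above (path validation, a drive-root check, a confirmation prompt, and Remove-Item instead of cmd /c rd), shown as an added example that is not part of the original post and is not GitHub's or Copilot's code. The function name Remove-BuildOutput, its parameters, and the sample path are hypothetical.

```powershell
function Remove-BuildOutput {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)][string]$ProjectRoot,
        [string[]]$Names = @('bin', 'obj')
    )

    # Resolve the project folder to a normalized absolute path (throws if missing).
    $root = (Get-Item -LiteralPath $ProjectRoot -ErrorAction Stop).FullName.TrimEnd('\')

    # Guard 1: never operate directly on a drive root such as E:\.
    if ([System.IO.Path]::GetPathRoot($root).TrimEnd('\') -eq $root) {
        throw "Refusing to clean drive root '$root'."
    }

    foreach ($name in $Names) {
        # Normalize so '..', rooted names or trailing separators cannot move the target.
        $target = [System.IO.Path]::GetFullPath([System.IO.Path]::Combine($root, $name))

        # Guard 2: the target must be a direct child of the project root with the exact name.
        if ([System.IO.Path]::GetDirectoryName($target) -ne $root -or
            [System.IO.Path]::GetFileName($target) -ne $name) {
            throw "Refusing to delete '$target': not '$name' directly under '$root'."
        }
        if (-not (Test-Path -LiteralPath $target -PathType Container)) { continue }

        # Guard 3: do not recurse through a junction or symlink that leads elsewhere.
        $item = Get-Item -LiteralPath $target -Force
        if ($item.Attributes -band [System.IO.FileAttributes]::ReparsePoint) {
            throw "Refusing to delete '$target': it is a reparse point."
        }

        # ConfirmImpact = 'High' prompts before each deletion; -WhatIf gives a dry run.
        if ($PSCmdlet.ShouldProcess($target, 'Recursively delete directory')) {
            Remove-Item -LiteralPath $target -Recurse -Force -ErrorAction Stop
        }
    }
}

# Dry run against a constructed example path:
# Remove-BuildOutput -ProjectRoot 'E:\src\MyApp\backend' -WhatIf
```

Because the path is passed as a single -LiteralPath argument and never re-parsed by cmd.exe, nested quoting cannot shorten it to a parent directory or drive root.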