SQL tool invoke filters "attach" in the text of the value being inserted

### Describe the bug

```

﻿✗ Store identify review results (sql)
  │ INSERT INTO trace_reviews (trace, function_name, file, status, finding) VALUES
  └ Blocked SQL statement: "attach" is not allowed for security reasons.


```
I saw the above error in the trace of my agent using sql to track the status of a code review. 

The model said this:
```
﻿● The word "attach" in data triggers the filter. Let me split the inserts:
```

Looks like there needs to be some better filtering of commands versus values when evaluating the safety of sql statements. Maybe ask sqlite-ast-parser to parse the statement first and then evaluate the different parts of the statement? Or use `sqlite3_set_authorizer` to inspect commands as they execute.

### Affected version

﻿GitHub Copilot CLI 1.0.10

### Steps to reproduce the behavior

I asked for a trace-by-trace code review of a codebase via claude opus 4.6.  It chose to use a sqlite database to track status of review. the codebase contains the word attach in its functions.

### Expected behavior

_No response_

### Additional context

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SQL tool invoke filters "attach" in the text of the value being inserted #2221

Describe the bug

Affected version

Steps to reproduce the behavior

Expected behavior

Additional context

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

SQL tool invoke filters "attach" in the text of the value being inserted #2221

Description

Describe the bug

Affected version

Steps to reproduce the behavior

Expected behavior

Additional context

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions