Skip to content

fix(ci): harden agent issue prompts#2359

Open
devi-labs wants to merge 4 commits into
mainfrom
fix/harden-agent-issue-prompts
Open

fix(ci): harden agent issue prompts#2359
devi-labs wants to merge 4 commits into
mainfrom
fix/harden-agent-issue-prompts

Conversation

@devi-labs

@devi-labs devi-labs commented Jul 1, 2026

Copy link
Copy Markdown

Description

Harden the agent issue workflows so untrusted issue titles are no longer interpolated directly into workflow prompts. The workflows now pass only the issue number, require the agent to fetch issue details explicitly, treat issue content as untrusted data, and apply the paranoid-path block-mode headers to both triage and fix paths.

Reviewers' hat-rack 🎩

Please focus on the GitHub Actions trigger conditions and prompt boundaries:

  • no direct interpolation of issue title/body into prompts
  • the labeled trigger guard for trusted issue authors
  • block-mode proxy headers on both agent workflows
  • skill guidance for treating issue content as untrusted data

Screenshots or videos

N/A

Test plan

  • Parsed both modified workflow YAML files with Ruby YAML loader
  • Searched modified workflows for direct github.event.issue.title interpolation
  • Verified agent-fix.yml now has paranoid-path block-mode headers
  • Workflow dry run in GitHub Actions (not run: workflows are label-triggered and do not define workflow_dispatch; YAML parsing and PR CI were used instead)

@devi-labs devi-labs requested a review from naqvitalha July 6, 2026 15:26
Assisted-By: devx/19751835-7576-443a-b467-a2c2c64d8935
@devi-labs

devi-labs commented Jul 6, 2026

Copy link
Copy Markdown
Author

Pushed follow-up commit 14e2f49 to tighten the labeled triggers and clarify the issue-number prompt handling

Validation done:

  • Parsed both modified workflow YAML files locally with Ruby YAML loader.
  • Confirmed there are still no direct github.event.issue.title / github.event.issue.body interpolations in the agent workflows.
  • PR CI reran on the latest commit. The iOS e2e job is still failing before tests execute because Homebrew refuses the wix/brew tap for applesimutils

Refusing to load formula wix/brew/applesimutils from untrusted tap wix/brew.\nRun `brew trust --formula wix/brew/applesimutils` or `brew trust wix/brew` to trust it. - That failure appears unrelated to these workflow prompt-boundary changes.

@devi-labs devi-labs marked this pull request as ready for review July 6, 2026 18:26
devi-labs added 2 commits July 6, 2026 15:32
Assisted-By: devx/19751835-7576-443a-b467-a2c2c64d8935
Assisted-By: devx/19751835-7576-443a-b467-a2c2c64d8935
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants