Add malicious PR security review workflow #984

Merged: paullizer merged 2 commits into microsoft:Development from paullizer:feature/workflows-and-prompts on Jul 1, 2026
@paullizer

Contributor

Summary

  • Adds a malicious PR/file security review prompt for adversarial review of PRs, branch diffs, commit ranges, and explicit files.
  • Adds a GitHub Actions workflow that runs the static checker on PRs into Development and via workflow_dispatch.
  • Adds the static checker and functional coverage for dependency policy, hidden Unicode, suspicious egress markers, workflow/prompt wiring, and the version bump.

Validation

  • python -m py_compile scripts/check_malicious_pr_security_review.py
  • python functional_tests/test_malicious_pr_security_review_checker.py (4/4 passed)
  • git -c core.whitespace=blank-at-eol,blank-at-eof,space-before-tab,cr-at-eol diff --cached --check

Issue

No associated GitHub issue was provided.

paullizer added 2 commits July 1, 2026 08:45
Adds a static malicious-change checker, GitHub Actions workflow, reusable security review prompt, GitHub issue workflow guidance, focused functional test coverage, and bumps the app version to 0.250.006.
Documents the new malicious PR security review workflow under version 0.250.006 so PR release-note checks can pass.
@paullizer paullizer merged commit af5a28f into microsoft:Development Jul 1, 2026
8 checks passed
@paullizer paullizer deleted the feature/workflows-and-prompts branch July 1, 2026 12:50
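
The summary above lists hidden Unicode among the checker's coverage areas. The following is an added example, not the PR's `scripts/check_malicious_pr_security_review.py` (whose contents are not shown on this page): it scans only the added lines of a unified diff for bidirectional controls and other invisible format characters. The names `classify`, `scan_diff` and `SAMPLE_DIFF` are assumptions made for this illustration.

```python
import re
import unicodedata

# Bidirectional controls that can reorder how a line is displayed to a reviewer.
BIDI = set("\u061c\u200e\u200f\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")
HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")

def classify(ch):
    """Name the risk class of one character, or None if it is visible text."""
    if ch in BIDI:
        return "bidi-control"
    if unicodedata.category(ch) == "Cf":  # zero-width, BOM, tag characters, ...
        return "invisible-format"
    return None

def scan_diff(diff_text):
    """Return (path, line, column, codepoint, kind) for added lines only."""
    findings, path = [], None
    old_left = new_left = new_line = 0
    # split("\n"), not splitlines(): the latter also breaks on U+2028/U+2029.
    for raw in diff_text.split("\n"):
        if old_left == 0 and new_left == 0:  # between hunks: headers only
            m = HUNK.match(raw)
            if m:
                old_left = int(m.group(1) or 1)
                new_line, new_left = int(m.group(2)), int(m.group(3) or 1)
            elif raw.startswith("+++ "):
                path = raw[4:].removeprefix("b/")
            continue
        tag, body = raw[:1], raw[1:]
        if tag == "+":
            for col, ch in enumerate(body, start=1):
                kind = classify(ch)
                if kind:
                    findings.append((path, new_line, col, f"U+{ord(ch):04X}", kind))
            new_line, new_left = new_line + 1, new_left - 1
        elif tag == "-":
            old_left -= 1
        elif tag != "\\":  # context line; "\ No newline..." markers are skipped
            old_left, new_left, new_line = old_left - 1, new_left - 1, new_line + 1
    return findings

# Constructed sample diff (not from the PR); hidden characters written as escapes.
SAMPLE_DIFF = (
    "--- a/app/auth.py\n+++ b/app/auth.py\n@@ -10,2 +10,3 @@\n"
    " def is_admin(user):\n+    role = user.role  # \u202e check \u2066\n"
    "     return role == 'admin'\n"
    "--- a/app/util.py\n+++ b/app/util.py\n@@ -1 +1 @@\n-name = 'x'\n+na\u200bme = 'x'\n"
)

if __name__ == "__main__":
    for finding in scan_diff(SAMPLE_DIFF):
        print(*finding)
```

Hunk line counts, rather than line prefixes alone, decide where a hunk ends, so an added line whose content begins with `++ ` is not mistaken for a file header.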