fix: prompt steers model away from GitHub MCP read tools when safe-outputs is also enabled by Copilot · Pull Request #21307 · github/gh-aw

Copilot · 2026-03-16T23:47:59Z

When both tools.github and safe-outputs are configured, the built-in prompt told the model to use safeoutputs for all GitHub operations. Because gh is unauthenticated, agents concluded auth was missing and fell back to missing_data instead of using the mounted GitHub MCP read tools (list_issues, list_pull_requests, etc.).

Changes

actions/setup/md/safe_outputs_prompt.md: "all GitHub operations" → "GitHub writes and completion signaling" — accurate regardless of whether GitHub MCP is co-mounted.
actions/setup/md/github_mcp_tools_prompt.md (new): Static prompt file injected when tools.github is enabled (without safe-outputs). Tells the model the GitHub MCP server is read-only and directs it to use MCP tools for all GitHub reads instead of unauthenticated gh commands.
actions/setup/md/github_mcp_tools_with_safeoutputs_prompt.md (new): Variant of the above that additionally directs writes and completion signaling to safeoutputs tools — used when both tools.github and safe-outputs are enabled.
pkg/workflow/prompt_constants.go: Added githubMCPToolsPromptFile and githubMCPToolsWithSafeOutputsPromptFile constants.

pkg/workflow/unified_prompt_step.go: collectPromptSections selects and injects the correct <github-mcp-tools> prompt file (IsFile: true) whenever tools.github is enabled, following the same pattern as safe_outputs_prompt.md. When safe-outputs is also present, the guidance explicitly separates the two paths:

The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing
and searching issues, pull requests, discussions, labels, milestones; reading workflow
runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use
shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs
tools for GitHub writes and completion signaling.

pkg/workflow/unified_prompt_step_test.go: Regression test TestCollectPromptSections_GitHubMCPAndSafeOutputsConsistency covering three cases — both enabled (with-safeoutputs file selected), only GitHub MCP (base file selected), and neither (no github_mcp_tools file emitted).
Wasm golden files: Updated basic-copilot.golden, smoke-copilot.golden, and with-imports.golden to reflect the new cat "/opt/gh-aw/prompts/github_mcp_tools_prompt.md" prompt step.

[!WARNING]

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

…b MCP is mounted - Change `safe_outputs_prompt.md` line 3: "all GitHub operations" → "GitHub writes and completion signaling" so the static intro is accurate regardless of whether GitHub MCP is also enabled. - Add `buildGitHubMCPToolsGuidance()` in `unified_prompt_step.go` and inject it as a `<github-mcp-tools>` section whenever `tools.github` is enabled. When safe-outputs is also enabled the section explicitly separates reads (GitHub MCP) from writes (safeoutputs) so the model is never steered away from the available read tools. - Add `TestCollectPromptSections_GitHubMCPAndSafeOutputsConsistency` regression test covering three scenarios: both enabled, only GitHub MCP, and no GitHub MCP. Fixes: #<issue> Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

pelikhan · 2026-03-17T01:37:32Z

.github/workflows/ci-doctor.lock.yml

          </github-context>
          
+          <github-mcp-tools>
+          The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling.


@copilot move prompt to file in actions/setup/md

Done in ebb542a. Moved the guidance to two static files in actions/setup/md/:

github_mcp_tools_prompt.md — base (no safe-outputs mention)

github_mcp_tools_with_safeoutputs_prompt.md — includes the reads/writes split sentence

The inline buildGitHubMCPToolsGuidance() function has been removed; collectPromptSections now picks the correct file with IsFile: true, matching the same pattern as safe_outputs_prompt.md.

Per review feedback, replace the inline buildGitHubMCPToolsGuidance() function with two static prompt files in actions/setup/md/, following the same pattern as safe_outputs_prompt.md: - actions/setup/md/github_mcp_tools_prompt.md - actions/setup/md/github_mcp_tools_with_safeoutputs_prompt.md Add two constants in prompt_constants.go and select the correct file in collectPromptSections based on whether safe-outputs is enabled. Update regression test assertions to check for the file constant rather than inline content. Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot · 2026-03-17T01:46:24Z

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

https://api.github.com/graphql
- Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
- Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw B8yRy5JmXZo7 (http block)
- Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw ase,codename,all-C (http block)
https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
- Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha h ../../../.pret.prettierignore (http block)
https://api.github.com/repos/github/gh-aw
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility (http block)
https://api.github.com/repos/githubnext/agentics/git/ref/tags/
- Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Configure Actions setup steps to set up my environment, which run before the firewall is enabled
Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Copilot

Pull request overview

Updates the built-in prompt guidance so that when both tools.github (GitHub MCP) and safe-outputs are enabled, the model is directed to use GitHub MCP tools for GitHub reads and safeoutputs tools only for GitHub writes and completion signaling—avoiding unauthenticated gh usage and unnecessary missing_data fallbacks.

Changes:

Refines safeoutputs prompt wording to avoid claiming responsibility for all GitHub operations.
Adds GitHub MCP tool-use guidance prompt sections (base + “with safe-outputs” variant) and injects them when tools.github is enabled.
Adds a regression test and updates generated workflow lockfiles to include the new prompt file(s).

Reviewed changes

Copilot reviewed 178 out of 178 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
`actions/setup/md/safe_outputs_prompt.md`	Narrows guidance from “all GitHub operations” to “GitHub writes and completion signaling”.
`actions/setup/md/github_mcp_tools_prompt.md`	New prompt section describing GitHub MCP read-only usage for GitHub reads.
`actions/setup/md/github_mcp_tools_with_safeoutputs_prompt.md`	New prompt section explicitly splitting reads (GitHub MCP) vs writes/completion (safeoutputs).
`pkg/workflow/prompt_constants.go`	Adds constants for the new GitHub MCP guidance prompt filenames.
`pkg/workflow/unified_prompt_step.go`	Injects the appropriate GitHub MCP guidance prompt file whenever the GitHub tool is enabled.
`pkg/workflow/unified_prompt_step_test.go`	Adds regression coverage for GitHub MCP + safe-outputs prompt section consistency.
`.github/workflows/ace-editor.lock.yml`	Includes GitHub MCP guidance prompt in the generated system prompt.
`.github/workflows/agent-performance-analyzer.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/agent-persona-explorer.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/ai-moderator.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/archie.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/artifacts-summary.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/audit-workflows.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/auto-triage-issues.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/blog-auditor.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/bot-detection.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/brave.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/breaking-change-checker.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/changeset.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/ci-coach.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/ci-doctor.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/claude-code-user-docs-review.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/cli-consistency-checker.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/cli-version-checker.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/cloclo.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/code-scanning-fixer.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/code-simplifier.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/codex-github-remote-mcp-test.lock.yml`	Includes GitHub MCP guidance prompt (base variant) in the generated system prompt.
`.github/workflows/commit-changes-analyzer.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/constraint-solving-potd.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/contribution-check.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/copilot-agent-analysis.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/copilot-cli-deep-research.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/copilot-pr-merged-report.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/copilot-pr-nlp-analysis.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/copilot-pr-prompt-analysis.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/copilot-session-insights.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/craft.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-architecture-diagram.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-assign-issue-to-user.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-choice-test.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-cli-performance.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-cli-tools-tester.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-code-metrics.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-compiler-quality.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-copilot-token-report.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-doc-healer.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-doc-updater.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-fact.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-file-diet.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-firewall-report.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-function-namer.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-issues-report.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-malicious-code-scan.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-mcp-concurrency-analysis.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-multi-device-docs-tester.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-news.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-observability-report.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-performance-summary.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-regulatory.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-rendering-scripts-verifier.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-repo-chronicle.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-safe-output-optimizer.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-safe-outputs-conformance.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-secrets-analysis.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-security-red-team.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-semgrep-scan.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-syntax-error-quality.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-team-evolution-insights.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-team-status.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-testify-uber-super-expert.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/daily-workflow-updater.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/dead-code-remover.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/deep-report.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/delight.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/dependabot-burner.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/dependabot-go-checker.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/dev-hawk.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/dev.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/developer-docs-consolidator.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/dictation-prompt.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/discussion-task-miner.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/docs-noob-tester.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/draft-pr-cleanup.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/duplicate-code-detector.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/example-workflow-analyzer.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/firewall-escape.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/firewall.lock.yml`	Includes GitHub MCP guidance prompt (base variant) in the generated system prompt.
`.github/workflows/functional-pragmatist.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/github-mcp-structural-analysis.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/github-mcp-tools-report.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/github-remote-mcp-auth-test.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/glossary-maintainer.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/go-fan.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/go-logger.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/go-pattern-detector.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/gpclean.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/grumpy-reviewer.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/hourly-ci-cleaner.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/instructions-janitor.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/issue-arborist.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/issue-monster.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/issue-triage-agent.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/jsweep.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/layout-spec-maintainer.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/lockfile-stats.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/mcp-inspector.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/mergefest.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/metrics-collector.lock.yml`	Includes GitHub MCP guidance prompt (base variant) in the generated system prompt.
`.github/workflows/notion-issue-summary.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/org-health-report.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/pdf-summary.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/plan.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/poem-bot.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/portfolio-analyst.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/pr-nitpick-reviewer.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/pr-triage-agent.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/prompt-clustering-analysis.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/python-data-charts.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/q.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/refiner.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/release.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/repo-audit-analyzer.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/repo-tree-map.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/repository-quality-improver.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/research.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/safe-output-health.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/schema-consistency-checker.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/scout.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/security-alert-burndown.campaign.g.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/security-compliance.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/security-review.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/semantic-function-refactor.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/sergo.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/slide-deck-maintainer.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/smoke-agent-all-merged.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/smoke-agent-all-none.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/smoke-agent-public-approved.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/smoke-agent-public-none.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/smoke-agent-scoped-approved.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/smoke-call-workflow.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/smoke-claude.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/smoke-codex.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/smoke-copilot-arm.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/smoke-copilot.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/smoke-create-cross-repo-pr.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/smoke-gemini.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/smoke-multi-pr.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/smoke-project.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/smoke-temporary-id.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/smoke-test-tools.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/smoke-update-cross-repo-pr.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/smoke-workflow-call-with-inputs.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/smoke-workflow-call.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/stale-repo-identifier.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/static-analysis-report.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/step-name-alignment.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/sub-issue-closer.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/super-linter.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/technical-doc-writer.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/terminal-stylist.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/test-create-pr-error-handling.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/test-dispatcher.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/test-project-url-default.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/test-workflow.lock.yml`	Includes GitHub MCP guidance prompt (base variant) in the generated system prompt.
`.github/workflows/tidy.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/typist.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/ubuntu-image-analyzer.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/unbloat-docs.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/video-analyzer.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/weekly-editors-health-check.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/weekly-issue-summary.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/weekly-safe-outputs-spec-review.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/workflow-generator.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/workflow-health-manager.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/workflow-normalizer.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.
`.github/workflows/workflow-skill-extractor.lock.yml`	Includes GitHub MCP guidance prompt (with safe-outputs variant) in the generated system prompt.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

pkg/workflow/unified_prompt_step_test.go

+		// No inline section should claim safeoutputs handles "all GitHub operations"
+		for _, section := range sections {
+			if !section.IsFile {
+				assert.NotContains(t, section.Content, "all GitHub operations",
+					"Prompt must not claim safeoutputs handles all GitHub operations when GitHub MCP is mounted")
+			}
+		}


pkg/workflow/unified_prompt_step.go

+		// GitHub MCP tool-use guidance: clarifies that the MCP server is read-only and
+		// directs the model to use it for GitHub reads. When safe-outputs is also enabled,
+		// the guidance explicitly separates reads (GitHub MCP) from writes (safeoutputs) so
+		// the model is never steered away from the available read tools.
+		unifiedPromptLog.Print("Adding GitHub MCP tool-use guidance")
+		githubMCPFile := githubMCPToolsPromptFile
+		if HasSafeOutputsEnabled(data.SafeOutputs) {
+			githubMCPFile = githubMCPToolsWithSafeOutputsPromptFile
+		}
+		sections = append(sections, PromptSection{
+			Content: githubMCPFile,
+			IsFile:  true,
+		})


pelikhan · 2026-03-17T02:05:02Z

@copilot fix https://github.com/github/gh-aw/actions/runs/23174530646/job/67334484991

The new github_mcp_tools prompt file sections added by the previous commit caused TestWasmGolden_CompileFixtures to fail because the golden files were out of date. Regenerate them with `make update-wasm-golden`. Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot · 2026-03-17T02:11:30Z

@copilot fix https://github.com/github/gh-aw/actions/runs/23174530646/job/67334484991

Fixed in aae205b — regenerated the three wasm golden files that were missing the new cat "/opt/gh-aw/prompts/github_mcp_tools_prompt.md" lines.

Initial plan

8aaa0cc

Copilot AI assigned Copilot and pelikhan Mar 16, 2026

Copilot started work on behalf of pelikhan March 16, 2026 23:48 View session

Copilot AI linked an issue Mar 16, 2026 that may be closed by this pull request

Built safe-outputs prompt says to use safeoutputs for all GitHub operations, but GitHub MCP read tools are mounted separately #21304

Closed

Copilot AI changed the title ~~[WIP] Fix built safe-outputs prompt for GitHub operations~~ fix: prompt steers model away from GitHub MCP read tools when safe-outputs is also enabled Mar 17, 2026

Copilot AI requested a review from pelikhan March 17, 2026 00:02

Copilot finished work on behalf of pelikhan March 17, 2026 00:02

pelikhan reviewed Mar 17, 2026

View reviewed changes

Copilot started work on behalf of pelikhan March 17, 2026 01:37 View session

Copilot AI requested a review from pelikhan March 17, 2026 01:46

Copilot finished work on behalf of pelikhan March 17, 2026 01:46

pelikhan marked this pull request as ready for review March 17, 2026 01:56

Copilot AI review requested due to automatic review settings March 17, 2026 01:56

Copilot started reviewing on behalf of pelikhan March 17, 2026 01:57 View session

Copilot AI reviewed Mar 17, 2026

View reviewed changes

Copilot started work on behalf of pelikhan March 17, 2026 02:05 View session

Copilot finished work on behalf of pelikhan March 17, 2026 02:12

pelikhan merged commit f88c38d into main Mar 17, 2026

pelikhan deleted the copilot/fix-safe-outputs-prompt-issue branch March 17, 2026 02:13

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: prompt steers model away from GitHub MCP read tools when safe-outputs is also enabled#21307

fix: prompt steers model away from GitHub MCP read tools when safe-outputs is also enabled#21307
pelikhan merged 4 commits intomainfrom
copilot/fix-safe-outputs-prompt-issue

Copilot AI commented Mar 16, 2026 •

edited

Loading

Uh oh!

pelikhan Mar 17, 2026

Uh oh!

Copilot AI Mar 17, 2026

Uh oh!

Copilot AI commented Mar 17, 2026

I tried to connect to the following addresses, but was blocked by firewall rules:

Uh oh!

Copilot AI left a comment

Uh oh!

pelikhan commented Mar 17, 2026

Uh oh!

Copilot AI commented Mar 17, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

Copilot AI commented Mar 16, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Changes

Uh oh!

pelikhan Mar 17, 2026

Choose a reason for hiding this comment

Uh oh!

Copilot AI Mar 17, 2026

Choose a reason for hiding this comment

Uh oh!

Copilot AI commented Mar 17, 2026

I tried to connect to the following addresses, but was blocked by firewall rules:

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

pelikhan commented Mar 17, 2026

Uh oh!

Copilot AI commented Mar 17, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Copilot AI commented Mar 16, 2026 •

edited

Loading