Skip to content

fix: reject env.* expressions in markdown per documented safety policy #23932

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
Copilot wants to merge 2 commits into from
Closed

fix: reject env.* expressions in markdown per documented safety policy #23932

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
61ac06e
Initial plan
Copilot Apr 1, 2026
f24f880
fix: reject env.* expressions in markdown expression safety validator
Copilot Apr 1, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 24 additions & 20 deletions .github/workflows/contribution-check.lock.yml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

17 changes: 11 additions & 6 deletions .github/workflows/contribution-check.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,14 +3,19 @@ name: "Contribution Check"
on:
schedule: "every 4 hours"
workflow_dispatch:
inputs:
target_repository:
description: "Target repository to check (owner/repo format, defaults to vars.TARGET_REPOSITORY or current repository)"
required: false
type: string

permissions:
contents: read
issues: read
pull-requests: read

env:
TARGET_REPOSITORY: ${{ vars.TARGET_REPOSITORY || github.repository }}
TARGET_REPOSITORY: ${{ github.event.inputs.target_repository || vars.TARGET_REPOSITORY || github.repository }}

tools:
github:
Expand Down Expand Up @@ -39,7 +44,7 @@ safe-outputs:

## Target Repository

The target repository is `${{ env.TARGET_REPOSITORY }}`. All PR fetching and subagent dispatch use this value.
The target repository is `${{ github.event.inputs.target_repository || github.repository }}`. All PR fetching and subagent dispatch use this value.

Comment on lines 45 to 48
Copy link

Copilot AI Apr 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The markdown body now uses github.event.inputs.target_repository || github.repository, but the workflow’s env.TARGET_REPOSITORY also falls back to vars.TARGET_REPOSITORY. On scheduled runs (or when vars.TARGET_REPOSITORY is set and no dispatch input is provided), the prompt will describe/use a different target repo than the workflow actually operates on, which can cause subagent dispatch and safe-output writes to point at the wrong repository. Consider deriving a single resolved target-repo value once (e.g., from env.TARGET_REPOSITORY) and exposing it to the prompt via an allowed steps.*/needs.* output, then reference that consistently throughout the markdown body.

Copilot uses AI. Check for mistakes.
## Overview

Expand All @@ -49,7 +54,7 @@ You do NOT evaluate PRs yourself. You delegate each evaluation to `.github/agent

## Pre-filtered PR List

A `pre-agent` step has already queried and filtered PRs from `${{ env.TARGET_REPOSITORY }}`. The results are in `pr-filter-results.json` at the workspace root. Read this file first. It contains:
A `pre-agent` step has already queried and filtered PRs from `${{ github.event.inputs.target_repository || github.repository }}`. The results are in `pr-filter-results.json` at the workspace root. Read this file first. It contains:

```json
{
Expand All @@ -70,7 +75,7 @@ For each PR number in the comma-separated list, delegate evaluation to the **con
Call the contribution-checker subagent for each PR with this prompt:

```
Evaluate PR ${{ env.TARGET_REPOSITORY }}#<number> against the contribution guidelines.
Evaluate PR ${{ github.event.inputs.target_repository || github.repository }}#<number> against the contribution guidelines.
```

The subagent accepts any `owner/repo#number` reference — the target repo is not hardcoded.
Expand Down Expand Up @@ -176,9 +181,9 @@ If any subagent call failed (❓), also apply `outdated`.
- **You are the orchestrator** — you dispatch and compile. You do NOT run the checklist yourself.
- **PR fetching and filtering is pre-computed** — a `pre-agent` step writes `pr-filter-results.json`. Read it at the start.
- **Subagent does the analysis** — `.github/agents/contribution-checker.agent.md` handles all per-PR evaluation logic.
- **Read from `${{ env.TARGET_REPOSITORY }}`** — read-only access via GitHub MCP tools.
- **Read from `${{ github.event.inputs.target_repository || github.repository }}`** — read-only access via GitHub MCP tools.
- **Write to `${{ github.repository }}`** — reports go here as issues.
- **Use safe output tools for target repository interactions** — use `add-comment` and `add-labels` safe output tools to post comments and labels to PRs in the target repository `${{ env.TARGET_REPOSITORY }}`. Never use `gh` CLI or direct API calls for writes.
- **Use safe output tools for target repository interactions** — use `add-comment` and `add-labels` safe output tools to post comments and labels to PRs in the target repository `${{ github.event.inputs.target_repository || github.repository }}`. Never use `gh` CLI or direct API calls for writes.
- Close the previous report issue when creating a new one (`close-older-issues: true`).
- Be constructive in assessments — these reports help maintainers prioritize, not gatekeep.

Expand Down
Loading
Loading