Objective
Enable strict: true on all input-triggered workflows that receive untrusted data (issues, PRs, comments, discussions) but currently lack strict mode, as identified in discussion #26727.
Context
Per the Copilot CLI Deep Research report (discussion #26727), strict mode has improved to 66% (126/192 workflows) but 34% (66 workflows) remain without it. Input-triggered workflows without strict are potential prompt injection vectors — they process untrusted content without sanitization.
Approach
- Find all workflows missing strict: true:
  grep -rL "strict: true" .github/workflows/*.md
- For each workflow without strict, check its trigger in the frontmatter on: section:
  - If triggered by issues, pull_request, pull_request_review, discussion, issue_comment, discussion_comment → must have strict: true
  - If triggered only by schedule, workflow_dispatch with no untrusted inputs, push to protected branches → can remain without strict
- Add strict: true to all input-triggered workflows missing it.
- Cross-check: confirm that strict: true workflows also use ${{ steps.sanitized.outputs.text }} (or title/body) in their prompts rather than raw event data.
- Recompile: make recompile
- Validate: make agent-finish
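As an added example (editor's code, not part of this plan or the repository's own tooling), a small audit that applies the trigger classification above to one workflow file and also performs the cross-check step by flagging raw ${{ github.event.* }} references in the prompt body. It assumes the frontmatter's on: key lists events either as direct two-space-indented children or as an inline list, and the sample workflow text is constructed for illustration.

```python
import re
# Events the plan classes as untrusted, user-generated input (from the Approach section).
UNTRUSTED_EVENTS = {"issues", "pull_request", "pull_request_review",
                    "discussion", "issue_comment", "discussion_comment"}

def parse_frontmatter(text):
    """Split a workflow .md into (frontmatter lines, prompt body) without a YAML library."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "---" or "---" not in lines[1:]:
        return [], text
    end = lines.index("---", 1)
    return lines[1:end], "\n".join(lines[end + 1:])

def triggers(fm):
    """Event names under the top-level on: key, block form (indented children) or inline list."""
    events, in_on = set(), False
    for line in fm:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if indent == 0:
            m = re.match(r"on:\s*(.*)$", line)
            in_on = bool(m)
            if m:  # inline form: `on: issues` or `on: [issues, issue_comment]`
                events.update(e.strip() for e in m.group(1).strip("[] ").split(",") if e.strip())
        elif in_on and indent == 2:  # block form: direct children of on:
            events.add(line.strip().split(":")[0])
    return events

def audit_workflow(text):
    """Report what the plan checks: strict missing on untrusted triggers, raw event data in the prompt."""
    fm, body = parse_frontmatter(text)
    ev = triggers(fm)
    strict = any(re.fullmatch(r"strict:\s*true\s*", ln) for ln in fm)
    return {
        "triggers": sorted(ev),
        "strict": strict,
        "needs_strict": bool(ev & UNTRUSTED_EVENTS) and not strict,
        "raw_event_refs": re.findall(r"\$\{\{\s*github\.event\.[^}]*\}\}", body),
        "uses_sanitized": "${{ steps.sanitized.outputs." in body,
    }
# Constructed sample, not a real repository file: untrusted trigger, no strict, raw event data.
ISSUE_TRIAGE = """---
on:
  issues:
  schedule:
    - cron: "0 9 * * 1"
---
Classify this issue: ${{ github.event.issue.body }}
"""
```

Looping audit_workflow over glob.glob(".github/workflows/*.md") gives the same list as the grep above, plus the trigger classification and the raw-event cross-check per file.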
Files to Modify
- All .github/workflows/*.md files triggered by user-generated events that lack strict: true
- Corresponding .lock.yml files regenerated by make recompile
Acceptance Criteria
- All input-triggered workflows have strict: true
- strict workflows use steps.sanitized.outputs.* expressions in prompts
- make agent-finish passes
Generated by Plan Command for discussion #26727