Document bash allowlist decision rule for trusted vs untrusted workflow inputs#27506

Merged
pelikhan merged 2 commits into main from copilot/document-bash-allowlist-decision-rule
Apr 21, 2026

Conversation

Contributor

Copilot AI commented Apr 21, 2026

This updates the workflow authoring guide to remove ambiguity around tools.bash configuration. It adds a clear rule for when to use a narrow command allowlist versus ["*"], based on trigger context and input trust.

  • What changed

    • Added a Bash allowlist decision rule under .github/aw/github-agentic-workflows.md in the tools.bash section.
    • Defined guidance for:
      • PR-triggered workflows with untrusted input (issue/PR/comment/user-provided strings) → use a narrow allowlist.
      • schedule / workflow_dispatch workflows with trusted/internal-only inputs → bash: ["*"] is acceptable.
    • Added a rule-of-thumb to quickly classify workflows by input source.
  • Examples added

    • Included a side-by-side YAML example showing a PR workflow with a narrow list and a scheduled workflow with unrestricted bash.
# PR-triggered workflow reading untrusted user text
on:
  pull_request:
tools:
  bash: [find, cat, grep, wc, jq]

# Internal scheduled workflow reading only trusted/internal data
on:
  schedule:
    - cron: "0 * * * *"
tools:
  bash: ["*"]

Warning

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:


If you need me to access, download, or install something from one of these locations, you can either:
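As an added illustration (not code from the gh-aw project or from this PR), the following Python lint applies the decision rule from the PR description to a workflow's frontmatter, represented as an already-parsed dict (what yaml.safe_load returns for the YAML at the top of a workflow file). The trigger-name sets, finding messages and sample workflows are my own constructed assumptions.

```python
"""Lint check for the bash allowlist decision rule: narrow allowlist for
workflows that read untrusted input, ["*"] only for trusted/internal runs.

Hypothetical helper written for this page; it is not part of gh-aw. Each
workflow's frontmatter is an already-parsed dict, i.e. what yaml.safe_load
returns for the YAML block at the top of a workflow .md file.
"""
from typing import Any, Dict, List, Optional, Set

# Trigger events whose payload carries user-controlled text (issue, PR and
# comment bodies, titles, branch names). Assumed list; extend for your repo.
UNTRUSTED_TRIGGERS = frozenset({
    "pull_request", "pull_request_target", "pull_request_review",
    "pull_request_review_comment", "issues", "issue_comment",
    "discussion", "discussion_comment",
})

# Triggers the decision rule treats as trusted/internal-only.
TRUSTED_TRIGGERS = frozenset({"schedule", "workflow_dispatch"})

WILDCARD = "*"


def trigger_names(on: Any) -> Set[str]:
    """Normalise the `on:` field, which YAML may give as a string, list or map."""
    if isinstance(on, str):
        return {on}
    if isinstance(on, list):
        return {str(t) for t in on}
    if isinstance(on, dict):
        return {str(k) for k in on}
    return set()


def classify_inputs(on: Any) -> str:
    """Rule of thumb: classify the workflow by where its inputs come from.

    "untrusted" if any trigger can deliver user-provided text, "trusted" if
    every trigger is schedule/workflow_dispatch, otherwise "unknown" (e.g.
    push) so a human decides.
    """
    names = trigger_names(on)
    if names & UNTRUSTED_TRIGGERS:
        return "untrusted"
    if names and names <= TRUSTED_TRIGGERS:
        return "trusted"
    return "unknown"


def bash_allowlist(tools: Any) -> Optional[List[str]]:
    """Return tools.bash as a list of command names, or None if not configured."""
    if not isinstance(tools, dict) or not isinstance(tools.get("bash"), list):
        return None
    return [str(c) for c in tools["bash"]]


def check_workflow(frontmatter: Dict[str, Any]) -> List[str]:
    """Apply the decision rule; an empty list means the workflow complies."""
    findings: List[str] = []
    allow = bash_allowlist(frontmatter.get("tools"))
    if allow is None:
        return findings  # no bash allowlist to judge
    if WILDCARD not in allow:
        return findings  # a narrow list is acceptable for any trigger
    trust = classify_inputs(frontmatter.get("on"))
    if trust == "untrusted":
        findings.append(
            'tools.bash is ["*"] but a trigger delivers untrusted input; '
            "use a narrow allowlist such as [find, cat, grep, wc, jq]")
    elif trust == "unknown":
        findings.append(
            'tools.bash is ["*"] and the triggers are neither clearly trusted '
            "nor clearly untrusted; confirm every input is internal-only")
    return findings


# Constructed sample frontmatter, mirroring the two examples in the PR plus
# three cases the rule should flag.
PR_NARROW = {"on": {"pull_request": None},
             "tools": {"bash": ["find", "cat", "grep", "wc", "jq"]}}
SCHEDULED_WILDCARD = {"on": {"schedule": [{"cron": "0 * * * *"}]},
                      "tools": {"bash": ["*"]}}
COMMENT_WILDCARD = {"on": {"issue_comment": {"types": ["created"]}},
                    "tools": {"bash": ["*"]}}
MIXED_WILDCARD = {"on": ["workflow_dispatch", "issues"],
                  "tools": {"bash": ["*"]}}
PUSH_WILDCARD = {"on": "push", "tools": {"bash": ["*"]}}


def lint_all(workflows: Dict[str, Dict[str, Any]]) -> Dict[str, List[str]]:
    """Lint several workflows at once; keys are workflow names."""
    return {name: check_workflow(fm) for name, fm in workflows.items()}


if __name__ == "__main__":
    samples = {"pr-narrow": PR_NARROW, "scheduled-wildcard": SCHEDULED_WILDCARD,
               "comment-wildcard": COMMENT_WILDCARD,
               "mixed-wildcard": MIXED_WILDCARD, "push-wildcard": PUSH_WILDCARD}
    for name, findings in lint_all(samples).items():
        status = "ok" if not findings else "FLAG"
        print(f"{status:4} {name}: {'; '.join(findings) or 'allowlist matches trigger trust'}")
```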

Copilot AI changed the title from "[WIP] Add bash allowlist decision rule to github-agentic-workflows.md" to "Document bash allowlist decision rule for trusted vs untrusted workflow inputs" Apr 21, 2026
Copilot AI requested a review from pelikhan April 21, 2026 06:09
@github-actions
Contributor

Hey @Copilot 👋 — great addition to the workflow authoring guide! The bash allowlist decision rule is clear, well-motivated, and the side-by-side YAML examples make the guidance immediately actionable for workflow authors. The single-file, focused diff is exactly the right scope for this kind of documentation improvement.

One small thing to address before this is fully ready:

  • No test changes detected — even for documentation PRs, it's worth confirming that make test (or at minimum make build and make lint) passes cleanly with this change. If the project has any doc-linting or markdown validation steps in the test suite, verifying those pass would complete the checklist.

If you'd like a hand wrapping this up, you can assign this prompt to your coding agent:

For PR #27506 in github/gh-aw, verify that the documentation change to .github/aw/github-agentic-workflows.md passes all required quality gates:
1. Run `make build` and confirm it succeeds.
2. Run `make lint` and confirm it succeeds.
3. Run `make test` and confirm it succeeds.
4. If any markdown or doc-linting targets exist in the Makefile, run those too.
Report the results and fix any issues found.

Generated by Contribution Check · ● 1.4M ·

@pelikhan pelikhan marked this pull request as ready for review April 21, 2026 13:24
Copilot AI review requested due to automatic review settings April 21, 2026 13:24
@pelikhan pelikhan merged commit 5831d12 into main Apr 21, 2026
3 checks passed
@pelikhan pelikhan deleted the copilot/document-bash-allowlist-decision-rule branch April 21, 2026 13:24
@github-actions github-actions Bot mentioned this pull request Apr 21, 2026
Contributor

Copilot AI left a comment


Pull request overview

Clarifies the workflow authoring guide’s tools.bash configuration by documenting when to use a narrow bash command allowlist vs ["*"], based on trigger context and whether workflow inputs are trusted.

Changes:

  • Added a “Bash allowlist decision rule” under the tools.bash documentation.
  • Added a rule-of-thumb for classifying workflows by input source trust.
  • Added YAML examples illustrating narrow allowlist vs unrestricted bash.
Summary per file:
  • .github/aw/github-agentic-workflows.md: Adds guidance and examples for choosing tools.bash allowlist scope based on input trust.

Copilot's findings


  • Files reviewed: 1/1 changed files
  • Comments generated: 2

Comment on lines +531 to +533
- **PR-triggered workflows** processing **untrusted input** (issue/PR body, comment text, user-provided filenames): use a **narrow allowlist** (for example: `[find, cat, grep, wc, jq]`). This limits blast radius if shell injection attempts are embedded in untrusted content.
- **`schedule` or `workflow_dispatch` workflows** with **no untrusted input** (only trusted API data or internal state): `["*"]` is acceptable.
- **Rule of thumb**: If the workflow reads issue/PR bodies, comment text, or other user-provided strings, use a narrow list. If it only reads trusted API responses or workflow artifacts, `["*"]` is acceptable.

Copilot AI Apr 21, 2026


The guidance for when bash: ["*"] is acceptable is currently tied to schedule/workflow_dispatch, but workflow_dispatch often includes user-provided inputs (and scheduled/manual workflows can still consume untrusted data via GitHub API fields like issue/PR bodies). This can be read as implying those triggers are inherently “trusted”. Consider rewording to make the decision depend on input provenance (and who can supply it), e.g. explicitly calling out github.event.inputs.* and any issue/PR/comment content as untrusted even when fetched via the API, and only allowing "*" when all inputs are repository-controlled/internal-only.

Suggested change, replacing:
- **PR-triggered workflows** processing **untrusted input** (issue/PR body, comment text, user-provided filenames): use a **narrow allowlist** (for example: `[find, cat, grep, wc, jq]`). This limits blast radius if shell injection attempts are embedded in untrusted content.
- **`schedule` or `workflow_dispatch` workflows** with **no untrusted input** (only trusted API data or internal state): `["*"]` is acceptable.
- **Rule of thumb**: If the workflow reads issue/PR bodies, comment text, or other user-provided strings, use a narrow list. If it only reads trusted API responses or workflow artifacts, `["*"]` is acceptable.
with:
- **Any workflow** processing **untrusted input** (for example: issue/PR bodies, comment text, `github.event.inputs.*`, user-provided filenames, or any other user-influenced string): use a **narrow allowlist** (for example: `[find, cat, grep, wc, jq]`). This limits blast radius if shell injection attempts are embedded in untrusted content.
- **Do not treat `schedule` or `workflow_dispatch` as inherently trusted.** Manual and scheduled workflows can still consume untrusted data, including `github.event.inputs.*` and issue/PR/comment content retrieved via the GitHub API.
- **Rule of thumb**: Base the decision on **input provenance**, not the trigger. If any input can be supplied or influenced by repository users or external actors, use a narrow list. Use `["*"]` only when **all** inputs are repository-controlled/internal-only data, such as fixed configuration, trusted internal state, or carefully scoped workflow artifacts.

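The provenance rule the review above asks for, as an added Python example that is not part of this PR or of gh-aw: it models a workflow as a dict in the shape of the frontmatter plus a `prompt` string (an assumption made so no YAML parser is needed), treats issue/PR/comment triggers, declared `workflow_dispatch` inputs, and prompt references to `github.event.inputs.*` or issue/PR/comment text as untrusted, and flags `bash: ["*"]` only when at least one such source is present. The four sample workflows are constructed for the example; `bash_allowlist_verdict` and `untrusted_sources` are names chosen here.

```python
import re

# Added example (not gh-aw code): a checker for the reviewer's rule that
# bash: ["*"] is acceptable only when every input the workflow consumes is
# repository-controlled, decided by input provenance rather than trigger type.

# Triggers whose event payload is written by whoever opened the issue/PR or
# posted the comment: every workflow on them receives user-authored text.
USER_AUTHORED_TRIGGERS = {
    "issues", "issue_comment", "pull_request", "pull_request_target",
    "pull_request_review", "pull_request_review_comment",
    "discussion", "discussion_comment",
}

# Expressions or phrases in the prompt that pull user-influenced strings in
# even when the trigger itself (schedule, workflow_dispatch) looks internal.
UNTRUSTED_REFS = [
    (re.compile(r"\b(github\.event\.)?inputs\.\w+"),
     "workflow_dispatch input expression"),
    (re.compile(r"github\.event\.(issue|pull_request|comment|review)\.\w+"),
     "issue/PR/comment event field"),
    (re.compile(r"\b(issue|pull request|PR|comment) (body|title|text)\b", re.I),
     "issue/PR/comment text read via the API"),
]


def _triggers(workflow):
    """Normalise the `on:` value (string, list or mapping) to a mapping."""
    on = workflow.get("on", {})
    if isinstance(on, str):
        return {on: None}
    if isinstance(on, list):
        return {name: None for name in on}
    return dict(on)


def untrusted_sources(workflow):
    """Return the reasons this workflow sees untrusted input (empty if none)."""
    reasons = []
    triggers = _triggers(workflow)
    for name in triggers:
        if name in USER_AUTHORED_TRIGGERS:
            reasons.append(f"trigger '{name}' delivers user-authored payload")
    dispatch = triggers.get("workflow_dispatch")
    if isinstance(dispatch, dict) and dispatch.get("inputs"):
        reasons.append("workflow_dispatch declares inputs: "
                       + ", ".join(sorted(dispatch["inputs"])))
    prompt = workflow.get("prompt", "")
    for pattern, label in UNTRUSTED_REFS:
        if pattern.search(prompt):
            reasons.append(f"prompt reads {label}")
    return reasons


def bash_allowlist_verdict(workflow):
    """Apply the decision rule: "ok", "narrow-allowlist-required" or "bash-disabled"."""
    bash = workflow.get("tools", {}).get("bash")
    if bash is None:
        return {"allowlist": None, "untrusted": [], "verdict": "bash-disabled"}
    unrestricted = "*" in bash
    reasons = untrusted_sources(workflow)
    verdict = "narrow-allowlist-required" if unrestricted and reasons else "ok"
    return {"allowlist": "unrestricted" if unrestricted else "narrow",
            "untrusted": reasons, "verdict": verdict}


# Constructed sample workflows (not real gh-aw workflows).
PR_NARROW = {
    "on": {"pull_request": None},
    "tools": {"bash": ["find", "cat", "grep", "wc", "jq"]},
    "prompt": "Review ${{ github.event.pull_request.body }} and the changed files.",
}
SCHEDULE_INTERNAL = {
    "on": {"schedule": [{"cron": "0 * * * *"}]},
    "tools": {"bash": ["*"]},
    "prompt": "Summarise the latest CI artifacts and report the repository's build status.",
}
DISPATCH_WITH_INPUTS = {
    "on": {"workflow_dispatch": {"inputs": {"target": {"type": "string"}}}},
    "tools": {"bash": ["*"]},
    "prompt": "Inspect the path ${{ github.event.inputs.target }}.",
}
SCHEDULE_READS_ISSUES = {
    "on": {"schedule": [{"cron": "0 9 * * 1"}]},
    "tools": {"bash": ["*"]},
    "prompt": "Triage open issues: read each issue body and apply labels.",
}

if __name__ == "__main__":
    for name in ("PR_NARROW", "SCHEDULE_INTERNAL",
                 "DISPATCH_WITH_INPUTS", "SCHEDULE_READS_ISSUES"):
        print(name, bash_allowlist_verdict(globals()[name]))
```

The two scheduled workflows are the instructive pair: both use `["*"]`, but only the one whose prompt reads issue bodies is flagged, which is exactly the distinction the reviewer wants the guide to draw. The prompt scan is a heuristic and will miss untrusted data fetched under other names, so treat a clean result as "nothing obvious" rather than proof.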
Comment on lines +544 to +548
on:
  schedule:
    - cron: "0 * * * *"
tools:
  bash: ["*"]

Copilot AI Apr 21, 2026


The fenced yaml snippet contains two separate examples in one block, which results in duplicate top-level keys (on: and tools:) and is not valid YAML if copied verbatim. Consider splitting into two separate code blocks (or adding clear --- document separators and labeling them) so each example is a valid standalone snippet.

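A check for the duplicate-key problem raised above, added here as example code and not taken from the PR or from gh-aw: it splits a fenced snippet on `---` document separators and reports top-level keys that repeat within one document, using a line scan (assumed: top-level keys are unindented `name:` lines, comments start with `#`) instead of a YAML parser. The combined snippet mirrors the one in the PR description; the separated variant is the fix the review suggests.

```python
import re

# Added example (not gh-aw code): detect repeated top-level keys in a YAML
# snippet, the defect a doc-lint step would need to catch for a fenced block
# that holds two examples. Assumption: a top-level key is an unindented
# "name:" line; "---" on its own line separates documents.
TOP_LEVEL_KEY = re.compile(r"^([A-Za-z_][\w.-]*)\s*:")


def split_documents(snippet):
    """Split YAML text into documents on lines that are exactly '---'."""
    docs, current = [], []
    for line in snippet.splitlines():
        if line.strip() == "---":
            docs.append("\n".join(current))
            current = []
        else:
            current.append(line)
    docs.append("\n".join(current))
    return docs


def duplicate_top_level_keys(snippet):
    """Return [(document_index, key), ...] for every repeated top-level key."""
    duplicates = []
    for index, doc in enumerate(split_documents(snippet)):
        seen = set()
        for line in doc.splitlines():
            match = TOP_LEVEL_KEY.match(line)
            if not match:
                continue  # indented line, comment or blank
            key = match.group(1)
            if key in seen:
                duplicates.append((index, key))
            seen.add(key)
    return duplicates


# Constructed input with the shape of the PR description's snippet
# (two examples in one fenced block).
COMBINED_SNIPPET = """\
# PR-triggered workflow reading untrusted user text
on:
  pull_request:
tools:
  bash: [find, cat, grep, wc, jq]

# Internal scheduled workflow reading only trusted/internal data
on:
  schedule:
    - cron: "0 * * * *"
tools:
  bash: ["*"]
"""

# The same content with a document separator, as the review suggests.
SEPARATED_SNIPPET = COMBINED_SNIPPET.replace(
    "\n# Internal scheduled workflow", "\n---\n# Internal scheduled workflow")

if __name__ == "__main__":
    print("combined:", duplicate_top_level_keys(COMBINED_SNIPPET))
    print("separated:", duplicate_top_level_keys(SEPARATED_SNIPPET))
```

Splitting into two fenced blocks, the review's other option, gives the same clean result since each block is then scanned on its own.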

Development

Successfully merging this pull request may close these issues.

[plan] Document bash allowlist decision rule in github-agentic-workflows.md

3 participants