fix: revert pipeline prompt to $(cat) inline expansion

[jamesadevine]

Reverts pipeline templates to use --prompt "$(cat file)" instead of --prompt @file. The @file syntax is not supported by copilot in pipeline contexts.

Local dev (run.rs) retains @file since it avoids the Windows cmd.exe 8191-char argument length limit.

[github-actions]

🔍 Rust PR Review

Summary: Fix is directionally correct but leaves a residual @file usage and introduces a shell-injection risk from prompt content containing double quotes.

---

Findings

🐛 Bugs / Logic Issues

• base.yml:344, 1es-base.yml:373 — --additional-mcp-config still uses @file

  -- '/tmp/awf-tools/copilot --prompt "$(cat /tmp/awf-tools/agent-prompt.md)" --additional-mcp-config @/tmp/awf-tools/mcp-config.json {{ copilot_params }}'
  

  The PR description says "@file syntax is not supported by copilot in pipeline contexts." If that's true globally, --additional-mcp-config @/tmp/awf-tools/mcp-config.json will fail for the same reason and should also be switched to $(cat ...). This is an incomplete fix.

🔒 Security Concerns

• base.yml:344, 1es-base.yml:373 — double-quote injection from prompt content

  The prompt file is safely written via heredoc with a single-quoted sentinel (<< 'AGENT_PROMPT_EOF'), so {{ agent_content }} lands verbatim in the file — that part is correct. But when read back:

  -- '/tmp/awf-tools/copilot --prompt "$(cat /tmp/awf-tools/agent-prompt.md)" ...'
  ```
  
  AWF executes this string inside a container shell. If the prompt file contains any `"` characters (common in markdown — code examples, quoted text), they prematurely terminate the `"..."` wrapper. For example, a prompt containing `use "grep -r"` would expand to:
  
  ```
  copilot --prompt "use "grep -r"" --additional-mcp-config ...

  ...which a POSIX shell parses as --prompt "use ", followed by unquoted token grep, then -r, etc. In the best case the pipeline fails with a malformed command; in the worst case extra flags are injected into the copilot invocation.

  Suggested fix: assign to a variable before the AWF invocation, or pass via an environment variable using the already-present --env-all flag:

  export AGENT_PROMPT_CONTENT
  AGENT_PROMPT_CONTENT=$(cat /tmp/awf-tools/agent-prompt.md)
  sudo -E .../awf \
    ... \
    -- '/tmp/awf-tools/copilot --prompt "$AGENT_PROMPT_CONTENT" ...'

  Because --env-all passes host env vars into the AWF container and the variable reference "$AGENT_PROMPT_CONTENT" is inside single quotes (passed literally to AWF), AWF's inner shell will expand it safely — and single-line variable expansion doesn't suffer from the double-quote truncation issue. Alternatively, keep @file for both args if the root cause was something else (e.g., shell quoting around @).

✅ What Looks Good

• The heredoc write step (<< 'AGENT_PROMPT_EOF') is correctly guarded with a single-quoted sentinel, preventing any expansion of agent content during the write phase. Good defensive practice.
• Local dev (run.rs) retaining @file is the right call — it avoids the Windows 8191-char arg limit and the injection risk (Rust passes args as a proper Vec<OsString>, not through a shell).
• Both base.yml and 1es-base.yml were updated consistently with each other.

Generated by Rust PR Reviewer for issue #276 · ● 497.5K · ◷