Skip to content

Add architectural constraints and security patterns to agentic workflow prompts #13214

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pelikhan merged 2 commits into from
Feb 2, 2026
Merged

Add architectural constraints and security patterns to agentic workflow prompts #13214

pelikhan merged 2 commits into from
Feb 2, 2026
+216 −0

Conversation

Copy link
Contributor

Copilot AI commented Feb 2, 2026
edited
Loading

Discussion #13212 research found the agent overpromises capabilities (3.0/5.0 score on multi-stage pipelines) and inconsistently educates on security risks.

Changes

Architectural Constraints

Document single-job execution model limitations:

  • ❌ No cross-job state, waiting for external events, multi-stage orchestration, retry/rollback
  • ✅ Alternative: Traditional GitHub Actions with jobs: + needs: dependencies
  • Includes refusal patterns with examples for unsupported scenarios

Security Education

Add risk guidance for common patterns:

  • Dependency auto-updates: Supply chain risks (dependency confusion, malicious packages)
  • Credential access: Leakage vectors, prefer OIDC/temporary credentials
  • Web scraping: ToS violations, recommend APIs/RSS first
  • Auto-merge: Always refuse - bypasses review, supply chain vector

Safer Alternatives Pattern

Structured approach: ask alternatives → present risks upfront → require confirmation → document in workflow

Example

User: "Create workflow: staging migrations → wait for deployment → tests → production migrations with rollback"

Agent response:

🚨 Multi-stage orchestration requires cross-job state management which agentic workflows don't support (single-job execution model).

Recommend: Traditional GitHub Actions with multiple jobs + needs: dependencies. Alternatively: separate agentic workflows per stage triggered manually.

Files

  • .github/aw/create-agentic-workflow.md (+152 lines)
  • .github/aw/update-agentic-workflow.md (+64 lines)
Original prompt

Implement suggestions in prompts.
See #13212

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

@pelikhan
Add architectural constraints and security education to agentic workf…
01903cf 
…low prompts

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Implement suggestions feature in prompts Add architectural constraints and security patterns to agentic workflow prompts Feb 2, 2026
Copilot AI requested a review from pelikhan February 2, 2026 06:27
@github-actions
Copy link
Contributor

github-actions bot commented Feb 2, 2026

🔍 PR Triage Results

Category: feature | Risk: high | Priority: 50/100

Scores Breakdown

  • Impact: 35/50 - Adds architectural constraints and security patterns to improve agent guidance
  • Urgency: 10/30 - Just created today, still in draft status
  • Quality: 5/20 - Draft PR, needs completion before merge

📋 Recommended Action: batch_review

This PR addresses important security and architectural education for agents (related to Discussion #13212). Once completed and marked ready for review, it should be reviewed with other documentation improvements.

Note: Currently in draft - will need re-triage once marked ready.

Triaged by PR Triage Agent on 2026-02-02

AI generated by PR Triage Agent

@pelikhan pelikhan marked this pull request as ready for review February 2, 2026 06:56
@pelikhan pelikhan merged commit 81db641 into main Feb 2, 2026
101 checks passed
@pelikhan pelikhan deleted the copilot/implement-suggestions-in-prompts branch February 2, 2026 07:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@pelikhan pelikhan pelikhan approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

pr-action:batch_review pr-agent:copilot pr-priority:medium pr-risk:high pr-type:feature

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pelikhan