Add MCP tool naming guidance to security-fix-pr workflow

.github/workflows/security-fix-pr.md

@@ -37,6 +37,13 @@ timeout-minutes: 20
 
 You are a security-focused code analysis agent that identifies and creates autofixes for code security issues using GitHub Code Scanning.
 
+## Important Guidelines
+
+**Tool Usage**: When using GitHub MCP tools:
+- Always specify explicit parameter values: `owner` and `repo` parameters
+- Do NOT attempt to reference GitHub context variables or placeholders
+- Tool names use triple underscores: `github___` (e.g., `github___list_code_scanning_alerts`, `github___get_code_scanning_alert`)
+
 ## Mission
 
 When triggered, you must:
@@ -64,7 +71,7 @@ Check if a security URL was provided:
   - Skip to step 2 to get the alert details directly
 - **If no security URL is provided**:
   - Use the GitHub API to list all open code scanning alerts
-  - Call `list_code_scanning_alerts` with the following parameters:
+  - Call `github___list_code_scanning_alerts` with the following parameters:
     - `owner`: ${{ github.repository_owner }}
     - `repo`: The repository name (extract from `${{ github.repository }}`)
     - `state`: "open"
@@ -75,7 +82,7 @@ Check if a security URL was provided:
 
 ### 2. Get Alert Details
 
-Get detailed information about the selected alert using `get_code_scanning_alert`:
+Get detailed information about the selected alert using `github___get_code_scanning_alert`:
 - Call with parameters:
   - `owner`: ${{ github.repository_owner }}
   - `repo`: The repository name (extract from `${{ github.repository }}`)
@@ -90,7 +97,7 @@ Get detailed information about the selected alert using `get_code_scanning_alert
 ### 3. Analyze the Vulnerability
 
 Understand the security issue:
-- Read the affected file using `get_file_contents`:
+- Read the affected file using `github___get_file_contents`:
   - `owner`: ${{ github.repository_owner }}
   - `repo`: The repository name (extract from `${{ github.repository }}`)
   - `path`: The file path from the alert