
[WIP] Restore main safe output prompt using safe output tools #4730

Merged
pelikhan merged 3 commits into main from copilot/bring-back-safe-output-prompt on Nov 25, 2025

Conversation

Copilot AI commented Nov 25, 2025

Contributor
  • Understand the problem: agents try to use gh CLI instead of safe output MCP tools
  • Create safe_outputs_prompt.md with instructions about using safeoutputs MCP server
  • Embed the prompt in sh.go
  • Create safe_outputs_prompt.go with the generateSafeOutputsPromptStep function
  • Add call to generateSafeOutputsPromptStep in compiler_yaml.go when safe-outputs are configured
  • Create tests for the safe outputs prompt step
  • Run unit tests and fix test failure (prompt format causing false positive in job detection)
  • Run agent-finish to validate all workflows compile correctly
  • Request code review
  • Run security scan (CodeQL)
  • Remove available-tools list from prompt (tools are discoverable via MCP)
Original prompt

Bring back the main safe output prompt of the merged PR #4719

the agent should use safe output tools instead of trying to use gh. gh auth = false ==> gh ... ==> error.
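The mechanism the checklist above describes, as an added example that is not the project's own code: a Go function in the shape of generateSafeOutputsPromptStep that emits a prompt-appending step only when safe-outputs are configured, plus the kind of XML-structure check the tests cover. The prompt wording, the $GITHUB_AW_PROMPT file name, the function signature and the step layout are assumptions for this example; the real project embeds the markdown with go:embed, replaced here by an inline constant so the block runs stand-alone.

```go
package main

import (
	"regexp"
	"strings"
)

// Stand-in for the go:embed'ed safe_outputs_prompt.md; the wording is
// constructed for this example, not the project's own prompt text.
const safeOutputsPrompt = `<safe-outputs>
All GitHub API operations must go through the safeoutputs MCP server tools.
The gh CLI is not authenticated in this environment, so any gh call fails.
</safe-outputs>
`

// GenerateSafeOutputsPromptStep returns the YAML lines of a step that appends
// the prompt to the agent prompt file, or nil when safe-outputs is not
// configured so the compiled workflow is left unchanged (hypothetical shape).
func GenerateSafeOutputsPromptStep(safeOutputsConfigured bool) []string {
	if !safeOutputsConfigured {
		return nil
	}
	lines := []string{
		"      - name: Append safe outputs instructions to prompt",
		"        run: |",
		// Quoted heredoc delimiter: the markdown is written verbatim, so any
		// $VAR or backtick inside the prompt text is never shell-expanded.
		"          cat >> \"$GITHUB_AW_PROMPT\" << 'EOF'",
	}
	for _, l := range strings.Split(strings.TrimRight(safeOutputsPrompt, "\n"), "\n") {
		lines = append(lines, "          "+l)
	}
	return append(lines, "          EOF")
}

var tagRe = regexp.MustCompile(`</?([A-Za-z][\w-]*)>`)

// XMLTagsBalanced reports whether every <tag> in the prompt is closed by a
// matching </tag> in nesting order, the structural check the PR's tests cover.
func XMLTagsBalanced(prompt string) bool {
	var stack []string
	for _, m := range tagRe.FindAllStringSubmatch(prompt, -1) {
		if !strings.HasPrefix(m[0], "</") {
			stack = append(stack, m[1])
			continue
		}
		if len(stack) == 0 || stack[len(stack)-1] != m[1] {
			return false
		}
		stack = stack[:len(stack)-1]
	}
	return len(stack) == 0
}
```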


@pelikhan

Collaborator

@copilot continue work

…f gh CLI

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot AI commented Nov 25, 2025

Contributor Author

@copilot continue work

Added a safe outputs prompt that instructs agents to use the safeoutputs MCP server tools instead of gh CLI (which is not authenticated). The prompt is injected when safe-outputs are configured in the workflow. See commit 9a54ffc.

Warning

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/user
    • Triggering command: /usr/bin/gh gh api user --jq .login (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Comment thread pkg/workflow/sh/safe_outputs_prompt.md Outdated
Comment on lines +12 to +36
<available-tools>
The safeoutputs MCP server provides these tools:
- create_issue - Create GitHub issues
- create_discussion - Create GitHub discussions
- add_comment - Add comments to issues, PRs, or discussions
- create_pull_request - Create pull requests
- create_pull_request_review_comment - Add review comments on PR code
- add_labels - Add labels to issues or PRs
- add_reviewer - Add reviewers to pull requests
- update_issue - Update issue status, title, or body
- close_issue - Close issues with a comment
- close_discussion - Close discussions with a comment
- close_pull_request - Close PRs without merging
- push_to_pull_request_branch - Push changes to PR branches
- assign_milestone - Assign issues to milestones
- assign_to_agent - Assign GitHub Copilot agent to issues
- create_agent_task - Create GitHub Copilot agent tasks
- create_code_scanning_alert - Create code scanning alerts
- upload_asset - Publish files as URL-addressable assets
- update_release - Update release descriptions
- noop - Log completion messages for transparency
- missing_tool - Report missing tools or functionality
</available-tools>

<reminder>Use these MCP tools instead of gh CLI commands for all GitHub API operations.</reminder>
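Review bot: the <available-tools> block on lines +12 to +36 hardcodes the safeoutputs tool list, so it will drift from what the MCP server actually exposes as tools are added, renamed or removed, and the agent may then be told about tools it cannot call or never learn about new ones. Since MCP clients discover tools from the server, drop the list and keep only the instruction to use the safeoutputs tools rather than gh; the <reminder> line then carries the whole point on its own.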

Collaborator


@copilot remove part of the prompt

Contributor Author


Removed the <available-tools> list and <reminder> from the prompt. Tools are discoverable via MCP server. See commit bc67554.

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan pelikhan marked this pull request as ready for review November 25, 2025 14:01
Copilot AI review requested due to automatic review settings November 25, 2025 14:01

Copilot AI left a comment

Contributor


Pull request overview

This PR restores the main safe output prompt functionality that instructs AI agents to use safe output MCP tools instead of attempting to use the unauthenticated GitHub CLI. The change addresses an issue where agents were trying to use gh CLI commands for GitHub API operations, which fail because gh is not authenticated in the workflow environment.

Key Changes

  • Added a new prompt file (safe_outputs_prompt.md) with instructions about using safeoutputs MCP server
  • Integrated the prompt generation into the compiler workflow when safe-outputs are configured
  • Created comprehensive tests to validate the prompt generation behavior

Reviewed changes

Copilot reviewed 81 out of 81 changed files in this pull request and generated no comments.

Summary per file:

  • pkg/workflow/sh/safe_outputs_prompt.md: New prompt template instructing agents to use safeoutputs MCP server instead of gh CLI
  • pkg/workflow/sh.go: Embedded the safe outputs prompt text using go:embed directive
  • pkg/workflow/safe_outputs_prompt.go: New function to generate safe outputs prompt step using the helper pattern
  • pkg/workflow/safe_outputs_prompt_test.go: Tests validating prompt generation when enabled/disabled and XML structure
  • pkg/workflow/compiler_yaml.go: Integrated safe outputs prompt step into workflow compilation process
  • .github/workflows/*.lock.yml: Regenerated lock files showing the prompt step in compiled workflows


@pelikhan pelikhan merged commit 5d6c423 into main Nov 25, 2025
61 checks passed
@pelikhan pelikhan deleted the copilot/bring-back-safe-output-prompt branch November 25, 2025 14:30