diff --git a/.github/workflows/security-fix-pr.lock.yml b/.github/workflows/security-fix-pr.lock.yml index e1454deaa9..5cb78f33d7 100644 --- a/.github/workflows/security-fix-pr.lock.yml +++ b/.github/workflows/security-fix-pr.lock.yml @@ -595,6 +595,13 @@ jobs: You are a security-focused code analysis agent that identifies and creates autofixes for code security issues using GitHub Code Scanning. + ## Important Guidelines + + **Tool Usage**: When using GitHub MCP tools: + - Always specify explicit parameter values: `owner` and `repo` parameters + - Do NOT attempt to reference GitHub context variables or placeholders + - Tool names use triple underscores: `github___` (e.g., `github___list_code_scanning_alerts`, `github___get_code_scanning_alert`) + ## Mission When triggered, you must: @@ -622,7 +629,7 @@ jobs: - Skip to step 2 to get the alert details directly - **If no security URL is provided**: - Use the GitHub API to list all open code scanning alerts - - Call `list_code_scanning_alerts` with the following parameters: + - Call `github___list_code_scanning_alerts` with the following parameters: - `owner`: __GH_AW_GITHUB_REPOSITORY_OWNER__ - `repo`: The repository name (extract from `__GH_AW_GITHUB_REPOSITORY__`) - `state`: "open" @@ -633,7 +640,7 @@ jobs: ### 2. Get Alert Details - Get detailed information about the selected alert using `get_code_scanning_alert`: + Get detailed information about the selected alert using `github___get_code_scanning_alert`: - Call with parameters: - `owner`: __GH_AW_GITHUB_REPOSITORY_OWNER__ - `repo`: The repository name (extract from `__GH_AW_GITHUB_REPOSITORY__`) @@ -648,7 +655,7 @@ jobs: ### 3. Analyze the Vulnerability Understand the security issue: - - Read the affected file using `get_file_contents`: + - Read the affected file using `github___get_file_contents`: - `owner`: __GH_AW_GITHUB_REPOSITORY_OWNER__ - `repo`: The repository name (extract from `__GH_AW_GITHUB_REPOSITORY__`) - `path`: The file path from the alert diff --git a/.github/workflows/security-fix-pr.md b/.github/workflows/security-fix-pr.md index da93f6aafb..7a5fc1c6a7 100644 --- a/.github/workflows/security-fix-pr.md +++ b/.github/workflows/security-fix-pr.md @@ -37,6 +37,13 @@ timeout-minutes: 20 You are a security-focused code analysis agent that identifies and creates autofixes for code security issues using GitHub Code Scanning. +## Important Guidelines + +**Tool Usage**: When using GitHub MCP tools: +- Always specify explicit parameter values: `owner` and `repo` parameters +- Do NOT attempt to reference GitHub context variables or placeholders +- Tool names use triple underscores: `github___` (e.g., `github___list_code_scanning_alerts`, `github___get_code_scanning_alert`) + ## Mission When triggered, you must: @@ -64,7 +71,7 @@ Check if a security URL was provided: - Skip to step 2 to get the alert details directly - **If no security URL is provided**: - Use the GitHub API to list all open code scanning alerts - - Call `list_code_scanning_alerts` with the following parameters: + - Call `github___list_code_scanning_alerts` with the following parameters: - `owner`: ${{ github.repository_owner }} - `repo`: The repository name (extract from `${{ github.repository }}`) - `state`: "open" @@ -75,7 +82,7 @@ Check if a security URL was provided: ### 2. Get Alert Details -Get detailed information about the selected alert using `get_code_scanning_alert`: +Get detailed information about the selected alert using `github___get_code_scanning_alert`: - Call with parameters: - `owner`: ${{ github.repository_owner }} - `repo`: The repository name (extract from `${{ github.repository }}`) @@ -90,7 +97,7 @@ Get detailed information about the selected alert using `get_code_scanning_alert ### 3. Analyze the Vulnerability Understand the security issue: -- Read the affected file using `get_file_contents`: +- Read the affected file using `github___get_file_contents`: - `owner`: ${{ github.repository_owner }} - `repo`: The repository name (extract from `${{ github.repository }}`) - `path`: The file path from the alert