Discussion #13212 research found the agent overpromises capabilities (3.0/5.0 score on multi-stage pipelines) and inconsistently educates on security risks.

Changes

Architectural Constraints

Document single-job execution model limitations:

• ❌ No cross-job state, waiting for external events, multi-stage orchestration, retry/rollback
• ✅ Alternative: Traditional GitHub Actions with jobs: + needs: dependencies
• Includes refusal patterns with examples for unsupported scenarios

Security Education

Add risk guidance for common patterns:

• Dependency auto-updates: Supply chain risks (dependency confusion, malicious packages)
• Credential access: Leakage vectors, prefer OIDC/temporary credentials
• Web scraping: ToS violations, recommend APIs/RSS first
• Auto-merge: Always refuse - bypasses review, supply chain vector

Safer Alternatives Pattern

Structured approach: ask alternatives → present risks upfront → require confirmation → document in workflow

Example

User: "Create workflow: staging migrations → wait for deployment → tests → production migrations with rollback"

Agent response:

🚨 Multi-stage orchestration requires cross-job state management which agentic workflows don't support (single-job execution model).

Recommend: Traditional GitHub Actions with multiple jobs + needs: dependencies. Alternatively: separate agentic workflows per stage triggered manually.

Files

• .github/aw/create-agentic-workflow.md (+152 lines)
• .github/aw/update-agentic-workflow.md (+64 lines)

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.