Fix inconsistent and undocumented token configuration in create-issue-command.md

[Copilot]

Summary

reply-to-pull-request-review-comment referenced secrets.GH_AW_AGENT_TOKEN — an undocumented secret not used anywhere else — while create-issue had no token configured. The custom token was also never compiled into the lock file (which already uses GH_AW_GITHUB_TOKEN || GITHUB_TOKEN), making the field both inconsistent and a no-op that could cause confusing runtime failures.

Changes:

• .github/workflows/create-issue-command.md: Remove github-token: ${{ secrets.GH_AW_AGENT_TOKEN }} from reply-to-pull-request-review-comment; both safe-outputs now uniformly rely on the framework's default token resolution

No lock file update required — GH_AW_AGENT_TOKEN was never compiled into create-issue-command.lock.yml, and the safe_outputs job already has issues: write / pull-requests: write with GH_AW_GITHUB_TOKEN || GITHUB_TOKEN.

Testing

• Not run (why?)
• uv run poe check
• Other: YAML-only change; code review and CodeQL scan passed (no applicable languages)

Checklist

• Linked issue or task reference
• Added/updated tests where relevant
• Updated docs/README if needed
• No secrets or sensitive data added
• Considered backward compatibility and deployment impact

Additional context

Original prompt

---

This section details on the original issue you should resolve

<issue_title>create-issue-command.md: Undocumented GH_AW_AGENT_TOKEN and inconsistent token configuration across safe-outputs</issue_title>
<issue_description>## Summary

The safe-outputs.reply-to-pull-request-review-comment in .github/workflows/create-issue-command.md references secrets.GH_AW_AGENT_TOKEN, but this secret is not mentioned or documented elsewhere in the repository. Additionally, safe-outputs.create-issue does not specify the same matching token, creating an inconsistency that is likely to cause a confusing runtime failure (missing secret and/or insufficient permissions).

File and Location

• File: .github/workflows/create-issue-command.md
• Line: 22

Original Review Comment

safe-outputs.reply-to-pull-request-review-comment references secrets.GH_AW_AGENT_TOKEN, but this secret isn't mentioned elsewhere in the repo docs, and create-issue doesn't specify a matching token. This is likely to cause a confusing runtime failure (missing secret and/or insufficient permissions). Either remove the custom token field and rely on GITHUB_TOKEN with proper permissions, or consistently configure and document the required secret for all write safe-outputs.

View review comment

Recommended Fix

Choose one of the following approaches:

1. Remove the custom token — rely on GITHUB_TOKEN with appropriate permissions (issues: write, pull-requests: write) for all safe-outputs.
2. Consistently use GH_AW_AGENT_TOKEN — apply it to all write safe-outputs (create-issue, reply-to-pull-request-review-comment, etc.) and add documentation in the relevant README/DEVELOPMENT.md explaining what the secret is, what scopes it requires, and how to configure it.

Related PR

Related PR: #51

Generated by PR Review Comment — Create Issue for issue #51

Comments on the Issue (you are @copilot in this section)

• Fixes create-issue-command.md: Undocumented GH_AW_AGENT_TOKEN and inconsistent token configuration across safe-outputs #70

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.