From b31b30f31db73018cee86ccd20c9ad132452e6a5 Mon Sep 17 00:00:00 2001 From: Georgi Gerganov Date: Fri, 20 Mar 2026 19:06:33 +0200 Subject: [PATCH] ai : do not run bash commands in the prompt (#20810) --- .github/workflows/ai-issues.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ai-issues.yml b/.github/workflows/ai-issues.yml index 8e6f1863e4..dacaf3fbce 100644 --- a/.github/workflows/ai-issues.yml +++ b/.github/workflows/ai-issues.yml @@ -26,7 +26,8 @@ jobs: { "bash": { "*": "deny", - "gh issue*": "allow" + "gh issue*": "allow", + "gh search*": "allow" }, "webfetch": "deny" } @@ -38,11 +39,9 @@ jobs: Issue number: ${{ github.event.issue.number }} - Lookup the contents of the issue using the following `gh` command: + Lookup the contents of the issue using the following 'gh' command: - ```bash gh issue view ${{ github.event.issue.number }} --json title,body,url,number - ``` Next, perform the following task and then post a SINGLE comment (if needed). @@ -50,7 +49,7 @@ jobs: TASK : FIND RELATED ISSUES - Using the `gh` CLI tool, search through existing issues on Github. + Using the 'gh' CLI tool, search through existing issues on Github. Find related or similar issues to the newly created one and list them. Do not list the new issue itself (it is #${{ github.event.issue.number }}). @@ -83,5 +82,5 @@ jobs: - Do not include the comment tags in your actual comment. - Post at most ONE comment combining all findings. - If you didn't find issues that are related enough, post nothing. - - You have access only to the `gh` CLI tool - don't try to use other tools. + - You have access only to the 'gh' CLI tool - don't try to use other tools. "
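Review bot: The allow patterns in the `bash` permission map (hunk at -26) are prefix globs, so `"gh issue*"` also admits `gh issue close`, `edit`, `delete` and `transfer`, and the added `"gh search*"` admits code, repo and commit search, while the prompt only asks the agent to view one issue, search issues and post one comment. Since the agent reads issue titles and bodies written by arbitrary users, I would narrow the list to the subcommands the task uses: `"gh issue view*": "allow"`, `"gh issue comment*": "allow"`, `"gh search issues*": "allow"`. It is also worth confirming how the matcher treats text after the prefix, since a trailing `*` presumably matches the rest of the command string, including anything chained after the `gh` call; that behaviour is not visible here. The enclosing config key and the job's token `permissions:` are outside the hunk, so the effective scope of an allowed command cannot be judged from this diff alone.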
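Review bot: The prompt still appears to sit inside a double-quoted shell string (the closing `"` is the last line of the hunk at -83; the opening is outside every hunk), so replacing backticks with single quotes in the hunks at -38, -50 and -83 fixes today's text but not the cause. Any backtick, `$(...)` or `$NAME` added to the prompt later would be expanded by the shell again before the agent sees it. Passing the prompt through a quoted heredoc (`<<'EOF'`) or an `env:` variable would remove that class of mistake. Failing that, a comment above the prompt would at least warn editors: `# NOTE: prompt is inside a double-quoted shell string - no backticks, $( ) or $VAR`. The `${{ github.event.issue.number }}` expressions are substituted by Actions before the shell runs; that is fine for a number, but the same pattern should not be extended to the issue title or body.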