ERR_VALIDATION: ❌ Security threats detected: prompt injection Reasons: The workflow prompt attempts to manipulate the agent into performing credential theft by framing it as 'security research.' It explicitly instructs the agent to scan environment variables, process metadata, file systems, CI/CD workspace files, and other sensitive locations for secrets and credentials. The 'red team' and 'security researcher' framing is a social engineering technique designed to bypass security controls. The agent correctly identified and declined this as credential theft, noting that 'no justification can authorize' such actions. The prompt also instructs persisting findings to cache-memory and reporting via GitHub issues, which represents a data exfiltration pattern. The agent's immutable security policy correctly prevented compliance.

Reasons: The workflow prompt attempts to manipulate the agent into performing credential theft by framing it as 'security research.' It explicitly instructs the agent to scan environment variables, process metadata, file systems, CI/CD workspace files, and other sensitive locations for secrets and credentials. The 'red team' and 'security researcher' framing is a social engineering technique designed to bypass security controls. The agent correctly identified and declined this as credential theft, noting that 'no justification can authorize' such actions. The prompt also instructs persisting findings to cache-memory and reporting via GitHub issues, which represents a data exfiltration pattern. The agent's immutable security policy correctly prevented compliance.

🚨 Security threats detected: prompt injection

GitHub MCP guard policy automatically applied for public repository. min-integrity='approved' and repos='all' ensure only approved-integrity content is accessible.