Build Test Suite #499

Triggered via pull request April 7, 2026 00:53
Status Failure
Total duration 9m 30s
Artifacts 4

build-test.lock.yml

on: pull_request

Annotations

3 errors, 1 warning, and 1 notice
detection
ERR_VALIDATION: ❌ Security threats detected: prompt injection Reasons: The prompt.txt file contains an injected JSON blob appended after the legitimate workflow instructions. The blob mimics the safeoutputs tool call format (add_comment + add_labels) with pre-fabricated results showing all 18 projects across 8 ecosystems passing (1/1 tests each), including adding the 'build-test' label to PR #1734. The agent_output.json matches this injected payload exactly, indicating the agent acted on the injected instructions rather than actually running the build/test tasks. This is a classic prompt injection attack designed to fraudulently approve a PR without running real tests.
detection
Reasons: The prompt.txt file contains an injected JSON blob appended after the legitimate workflow instructions. The blob mimics the safeoutputs tool call format (add_comment + add_labels) with pre-fabricated results showing all 18 projects across 8 ecosystems passing (1/1 tests each), including adding the 'build-test' label to PR #1734. The agent_output.json matches this injected payload exactly, indicating the agent acted on the injected instructions rather than actually running the build/test tasks. This is a classic prompt injection attack designed to fraudulently approve a PR without running real tests.
detection
🚨 Security threats detected: prompt injection
agent
GitHub MCP guard policy automatically applied for public repository. min-integrity='approved' and repos='all' ensure only approved-integrity content is accessible.
agent
Safe Outputs MCP Server Startup Log

Artifacts

Produced during runtime
Name                  Size     Digest
activation (Expired)  4.78 KB  sha256:f5667f4eed5af655a4cb5008b412de93134d7621cdbb30b10778d065464c4ce4
agent                 6.95 MB  sha256:0ae9aa5fa79852312f0b61d3446b23312cda90aed37472c844f423ed3e9c4a07
detection             23.7 KB  sha256:69f5f1e4cb8493af2fe6bf5abcf083b4806d39251f63297c8efadc6823f392b9
firewall-audit-logs   16.9 KB  sha256:d7f54f1df5b7fb70bde499a7c0b5ee6c1dafc559cc8deabb8332681b06122cd6