Skip to content

[aw-failures] Fix P1: Copilot PR NLP Analysis fails — shell expansion patterns blocked in safe-output step #29121

Closed
#29123
Closed
[aw-failures] Fix P1: Copilot PR NLP Analysis fails — shell expansion patterns blocked in safe-output step#29121
#29123
Assignees
pelikhancopilot-swe-agent
Labels
agentic-workflowsautomationawfcookieIssue Monster Loves Cookies!
@github-actions

Description

@github-actions
github-actions
bot
opened on Apr 29, 2026

Problem Statement

The Copilot PR Conversation NLP Analysis workflow fails on the "Prepare discussion body" safe-output shell step. The agent generates a command that assigns image/timeline URLs to shell variables:

SENT_DIST_URL="https://github.com/github/gh-aw/blob/assets/..."
SENT_TIMELINE_URL="https://github.com/github/gh-aw/blob/assets/..."

This is blocked by the harness shell expansion security policy with:

Command blocked: contains dangerous shell expansion patterns (e.g.,
parameter transformation, indirect expansion, or nested command
substitution) that could enable arbitrary code execution.

Affected Workflows and Runs

Run Workflow Time (UTC) Issue
§25104405737 Copilot PR Conversation NLP Analysis 2026-04-29 10:44 #29081

Regression vs baseline: A prior successful run (§24773836812, 2026-04-22) had 9 turns and 0 blocked requests. The failing run had 31 turns and 48 blocked requests — turns tripled and the shell expansion policy was triggered repeatedly.

Root Cause

The agent's "Prepare discussion body" step passes URLs to the safe-output shell command via shell variable assignment syntax. The shell expansion security scanner flags these patterns ($VAR, ${VAR}, or parameter substitution) as potentially dangerous, regardless of whether the actual content is benign.

This is a combination of:

  1. The workflow prompt generating shell variable assignment patterns in its safe-output step
  2. The shell security scanner having a broad block on variable expansion patterns

Proposed Remediation

Option A — Workflow prompt fix (preferred): Update the Copilot PR NLP Analysis workflow to pass image/timeline URLs to the safe-output step using a method that does not trigger shell expansion patterns. For example:

  • Write the URLs to a temporary file in /tmp/gh-aw/agent/ during the agent turn
  • Read the file content in the safe-output step without using shell variable expansion

Option B — Safe-output step refactor: Replace the shell variable assignment approach with positional arguments or a JSON-based input to the safe-output step, avoiding shell expansion entirely.

Option C — Policy tuning: If simple VAR="value" assignments should be allowed, refine the shell expansion security policy to permit benign variable assignments without nested expansion, while still blocking ${VAR!}, $(cmd), and backtick expansion.

Success Criteria

  • Copilot PR Conversation NLP Analysis runs complete with conclusion: success
  • No blocked: contains dangerous shell expansion patterns errors in run logs
  • Turn count returns to ~9 (baseline), not 31+

References

Note

🔒 Integrity filter blocked 4 items

The following items were blocked because they don't meet the GitHub integrity level.

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

Generated by [aw] Failure Investigator (6h) · ● 479.2K ·

  • expires on May 6, 2026, 1:26 PM UTC

Metadata

Metadata

Assignees

Labels

agentic-workflowsautomationawfcookieIssue Monster Loves Cookies!

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions