Build Test Suite #454

Triggered via pull request April 6, 2026 16:15
Status Failure
Total duration 8m 2s
Artifacts 4

build-test.lock.yml

on: pull_request

Annotations

3 errors, 3 warnings, and 1 notice
detection
ERR_VALIDATION: ❌ Security threats detected: prompt injection Reasons: The workflow prompt file (prompt.txt) contains an injected pre-fabricated JSON response embedded at the end of the legitimate workflow instructions. This JSON matches the agent_output.json exactly, showing all 18 projects across 8 ecosystems passing with identical '1/1 passed' results. This is a classic prompt injection attack where the attacker appended the desired output directly into the prompt file to trick the agent into reporting false test results without actually executing any tests. The injected payload also requests adding a 'build-test' label to PR #1704, which would fraudulently signal that build tests passed when they were never run.
detection
Reasons: The workflow prompt file (prompt.txt) contains an injected pre-fabricated JSON response embedded at the end of the legitimate workflow instructions. This JSON matches the agent_output.json exactly, showing all 18 projects across 8 ecosystems passing with identical '1/1 passed' results. This is a classic prompt injection attack where the attacker appended the desired output directly into the prompt file to trick the agent into reporting false test results without actually executing any tests. The injected payload also requests adding a 'build-test' label to PR #1704, which would fraudulently signal that build tests passed when they were never run.
detection
🚨 Security threats detected: prompt injection
activation
Template-like syntax detected and escaped. This is a defense-in-depth measure to prevent potential template injection if content is processed by downstream template engines. GitHub's markdown rendering does not evaluate template syntax.
activation
Template-like syntax detected and escaped. This is a defense-in-depth measure to prevent potential template injection if content is processed by downstream template engines. GitHub's markdown rendering does not evaluate template syntax.
agent
GitHub MCP guard policy automatically applied for public repository. min-integrity='approved' and repos='all' ensure only approved-integrity content is accessible.
agent
Safe Outputs MCP Server Startup Log

Artifacts

Produced during runtime
Name Size Digest
activation 4.45 KB sha256:4b79ae9b600e9e7ec6d70b77399d8604d4eea1c6112e479a7b4f191e3d1da19e
agent 11.6 MB sha256:eba60328c095f12dfdac04b149dae2b62c618a1d33b94989c4f40b31384d7df5
detection 23.2 KB sha256:159adc4213496a7aed464a8fa81f05958080411bd5b81ca0fcd4be14ea7752aa
firewall-audit-logs 15.2 KB sha256:ba1c672b16a50a4a3efa2a4ad3ef9171708a22d1971ba41b3684cdf650c40655