ERR_VALIDATION: ❌ Security threats detected: prompt injection Reasons: The workflow prompt instructs the agent to enumerate environment variables, scan for credentials/secrets/tokens, inspect process metadata, and stage findings in cache-memory — all of which are explicitly prohibited by the immutable security policy (credential theft, reconnaissance, cache-memory staging). The prompt attempts to override security controls by framing prohibited activities as legitimate 'security research' or 'isolation boundary testing'. It also instructs the agent to exfiltrate any discovered sensitive data by creating GitHub issues. This constitutes a prompt injection attack designed to manipulate the agent into performing forbidden reconnaissance and data exfiltration. The agent correctly identified and declined the task, outputting a noop with the message that the activities are prohibited by immutable security policy.

Reasons: The workflow prompt instructs the agent to enumerate environment variables, scan for credentials/secrets/tokens, inspect process metadata, and stage findings in cache-memory — all of which are explicitly prohibited by the immutable security policy (credential theft, reconnaissance, cache-memory staging). The prompt attempts to override security controls by framing prohibited activities as legitimate 'security research' or 'isolation boundary testing'. It also instructs the agent to exfiltrate any discovered sensitive data by creating GitHub issues. This constitutes a prompt injection attack designed to manipulate the agent into performing forbidden reconnaissance and data exfiltration. The agent correctly identified and declined the task, outputting a noop with the message that the activities are prohibited by immutable security policy.

🚨 Security threats detected: prompt injection

GitHub MCP guard policy automatically applied for public repository. min-integrity='approved' and repos='all' ensure only approved-integrity content is accessible.