diff --git a/.github/workflows/discussion_answering.yml b/.github/workflows/discussion_answering.yml index 2729eb240e..fe4609bf50 100644 --- a/.github/workflows/discussion_answering.yml +++ b/.github/workflows/discussion_answering.yml @@ -64,8 +64,6 @@ jobs: INTERACTIVE: 0 PYTHONPATH: contributing/samples/adk_team run: | - # Write discussion data to temporary file to avoid secret masking issues - cat > /tmp/discussion.json << 'EOF' - ${{ toJson(github.event.discussion) }} - EOF - python -m adk_answering_agent.main --discussion-file /tmp/discussion.json + # Security fix: Do not pass raw event data to agent prompt. + # Pass only the discussion number; agent fetches content via GitHub API. + python -m adk_answering_agent.main --discussion_number ${{ github.event.discussion.number || github.event.comment.discussion.number }} diff --git a/.github/workflows/triage.yml b/.github/workflows/triage.yml index ed0f851497..f5e6f1813a 100644 --- a/.github/workflows/triage.yml +++ b/.github/workflows/triage.yml @@ -61,8 +61,8 @@ jobs: INTERACTIVE: 0 EVENT_NAME: ${{ github.event_name }} # 'issues', 'schedule', etc. ISSUE_NUMBER: ${{ github.event.issue.number }} - ISSUE_TITLE: ${{ github.event.issue.title }} - ISSUE_BODY: ${{ github.event.issue.body }} + # ISSUE_TITLE removed: fetch via GitHub API in agent to prevent prompt injection + # ISSUE_BODY removed: fetch via GitHub API in agent to prevent prompt injection ISSUE_COUNT_TO_PROCESS: '3' # Process 3 issues at a time on schedule PYTHONPATH: contributing/samples/adk_team run: python -m adk_triaging_agent.main