Recurring pattern identified across 2 repositories in the 2026-04-17 daily aw-compat run.
Pattern Description
Workflows that reference secrets expressions (${{ secrets.NAME }}) directly inside agent-controlled sections fail gh aw compile --strict. The pattern appears in two distinct forms:
Form A — Secrets in steps section
Repository: github/copilot-sdk (8,432 stars)
File: .github/workflows/cross-repo-issue-analysis.md

```yaml
steps:
  - name: Clone copilot-agent-runtime
    run: git clone --depth 1 (xaccesstoken/redacted):${{ secrets.RUNTIME_TRIAGE_TOKEN }}@github.com/github/copilot-agent-runtime.git ...
```

Error:

```
strict mode: secrets expressions detected in 'steps' section may be leaked to the agent job.
Found: ${{ secrets.RUNTIME_TRIAGE_TOKEN }}
Operations requiring secrets must be moved to a separate job outside the agent job,
or use step-level env: bindings (for run: steps) or with: inputs (for uses: action steps) instead
```

Correct pattern:

```yaml
steps:
  - name: Clone copilot-agent-runtime
    run: git clone --depth 1 (xaccesstoken/redacted):$TOKEN@github.com/github/copilot-agent-runtime.git ...
    env:
      TOKEN: ${{ secrets.RUNTIME_TRIAGE_TOKEN }}
```
Form B — Secrets in engine.env section
Repository: TJKlein/mcpruntime (0 stars)
Files: daily-doc-updater.md, developer-docs-consolidator.md, issue-monster.md (3 workflows)

```yaml
engine:
  id: codex
  model: gpt-5.1-codex-mini
  env:
    OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
    OPENAI_BASE_URL: ${{ secrets.AZURE_OPENAI_ENDPOINT }}openai/v1
```

Error:

```
strict mode: secrets detected in 'engine.env' section will be leaked to the agent container.
Found: ${{ secrets.AZURE_OPENAI_ENDPOINT }}
Use engine-specific secret configuration instead.
```
Impact
| Repository | Stars | Workflows Affected | Form |
| --- | --- | --- | --- |
| github/copilot-sdk | 8,432 | 1 of 9 | A (steps) |
| TJKlein/mcpruntime | 0 | 3 of 3 | B (engine.env) |

gh aw fix --write does not auto-fix either form. Both require manual intervention.
Actionable Guidance
For Form A (steps section):
- Use an env: map on run: steps to bind secrets at step scope, and reference the bound variable ($TOKEN) in the command. The variable is expanded by the step's shell, so it must not sit inside single quotes. Note that a token embedded in a clone URL is still written by git into the clone's .git/config as the remote URL, so keep such checkouts short-lived and out of any artifact the agent job can read.
- Or move secret-dependent operations to a separate, non-agent job
For Form B (engine.env section):
- Remove secrets from engine.env
- Use the engine-specific secret configuration documented at the engines reference
- Consider whether the custom engine actually requires secrets or if a built-in engine can be used
Suggested Improvements
- Docs: Add a dedicated "Secrets and Strict Mode" guide with before/after examples for both forms
- Codemod: Form A has a mechanical fix (move to an env: binding) that could be implemented in gh aw fix --write
- Warning earlier: Emit a warning (not just an error) at compile without the --strict flag to catch this pattern before CI
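The strict check and the Form A codemod suggested above, as an added example in Python. This is not gh-aw's own implementation: it approximates the rule on a workflow's frontmatter after YAML parsing (a plain dict, as a YAML loader would return), flags secrets expressions in run: command text and in engine.env values, accepts them in a step's env: map and a uses: step's with: inputs, and rewrites a run: step into the env:-bound form. The sample workflow values are constructed from the two forms on this page; the https://x-access-token: URL prefix is an assumption standing in for the redacted part of the real clone URL. The real compiler output above lists only AZURE_OPENAI_ENDPOINT for Form B, so gh-aw may special-case known engine keys such as OPENAI_API_KEY; this approximation flags every expression.

```python
"""Approximate the gh-aw --strict secrets rule and the Form A codemod.

Added example, not gh-aw's own code. Operates on a workflow's frontmatter
after YAML parsing (a plain dict), so no YAML library is needed here.
"""
import copy
import re

# GitHub Actions secrets expression, capturing the secret name.
SECRET_EXPR = re.compile(r"\$\{\{\s*secrets\.([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")

# Constructed sample modelled on the two forms on this page. The
# "https://x-access-token:" prefix is an assumption standing in for the
# redacted part of the real clone URL.
FORM_A_STEP = {
    "name": "Clone copilot-agent-runtime",
    "run": (
        "git clone --depth 1 https://x-access-token:"
        "${{ secrets.RUNTIME_TRIAGE_TOKEN }}@github.com/github/copilot-agent-runtime.git runtime"
    ),
}
FORM_B_ENGINE = {
    "id": "codex",
    "model": "gpt-5.1-codex-mini",
    "env": {
        "OPENAI_API_KEY": "${{ secrets.OPENAI_API_KEY }}",
        "OPENAI_BASE_URL": "${{ secrets.AZURE_OPENAI_ENDPOINT }}openai/v1",
    },
}


def secret_names(text):
    """Names of all secrets referenced by ${{ secrets.NAME }} in text."""
    return SECRET_EXPR.findall(text or "")


def strict_findings(workflow):
    """Report secrets expressions in agent-controlled positions.

    Flagged: the command text of a run: step and any engine.env value.
    Accepted: a step's env: map and a uses: step's with: inputs, which the
    compiler error on this page names as the sanctioned places.
    """
    findings = []
    for i, step in enumerate(workflow.get("steps") or []):
        for name in secret_names(step.get("run")):
            findings.append(f"steps[{i}].run: secrets.{name}")
    engine_env = (workflow.get("engine") or {}).get("env") or {}
    for key, value in engine_env.items():
        for name in secret_names(str(value)):
            findings.append(f"engine.env.{key}: secrets.{name}")
    return findings


def rebind_run_step(step):
    """Form A codemod: move each ${{ secrets.X }} out of run: into env: X
    and reference it as $X. Returns a new step; the input is left untouched.

    Assumes a POSIX shell for the step: $X must not sit inside single quotes,
    and on pwsh the reference would have to be $env:X instead.
    """
    fixed = copy.deepcopy(step)
    if not fixed.get("run"):
        return fixed
    env = fixed.setdefault("env", {})

    def bind(match):
        name = match.group(1)
        expr = "${{ secrets." + name + " }}"
        # Refuse to silently clobber an env entry that already means something else.
        if name in env and env[name] != expr:
            raise ValueError(f"env.{name} is already bound to a different value")
        env[name] = expr
        return "$" + name

    fixed["run"] = SECRET_EXPR.sub(bind, fixed["run"])
    return fixed


if __name__ == "__main__":
    workflow = {"steps": [FORM_A_STEP], "engine": FORM_B_ENGINE}
    for finding in strict_findings(workflow):
        print("strict:", finding)
    print(rebind_run_step(FORM_A_STEP))
```

Running the module prints one finding for the Form A step and one per engine.env value, then the rewritten step with its env: map. The Form B findings are reported but not rewritten: the page's guidance for that form is engine-specific configuration, which has no single mechanical substitution.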
References:
Generated by Daily AW Cross-Repo Compile Check