Agent Persona Exploration - 2026-04-28

[github-actions[bot]]

Persona Overview

• Agent: create-agentic-workflow (.github/aw/create-agentic-workflow.md)
• Scenarios Tested: 4 representative scenarios across 4 personas
• Average Quality Score: 4.2/5.0

Analysis was performed by reviewing the agent's instructions (1,041 lines) and simulating responses for representative scenarios. The agent is highly prescriptive with strong security defaults.

---

Key Findings

1. Security posture is excellent: The agent consistently enforces read-only agent jobs with writes-via-safe-outputs, making this a non-negotiable pattern.
2. GitHub MCP is always preferred: Direct api.github.com access is explicitly blocked; the agent correctly routes all GitHub reads through tools: github:.
3. Fuzzy scheduling is underutilized: The agent recommends schedule: daily / schedule: weekly patterns over cron expressions but may not surface this proactively in non-interactive mode.
4. Network ecosystem inference is strong: The agent correctly maps repo language indicators (go.mod, package.json, etc.) to network allowlists — this is a particularly valuable pattern.
5. noop safe-output is emphasized: The agent explicitly calls out noop for no-action completions, which reduces silent failures.

---

Top Patterns

1. Most common trigger suggestions: pull_request (PR review scenarios), schedule: weekly (digest/reporting), issues (triage), slash_command (on-demand)
2. Most recommended tools: github: toolsets: [default] for API reads; agentic-workflows: for log analysis; web-fetch: + network allowlist for external data
3. Security practices observed: permissions: read-all baseline, safe-outputs for all writes, no direct API tokens in prompts, explicit roles: guidance for public repos

---

View Scenario Assessments

Scenario 1 — Backend Engineer: PR Schema Change Review

• Trigger: pull_request (opened, synchronize) ✅
• Tools: github: toolsets: [default] for diff reading ✅
• Network: defaults + go (inferred from go.mod) ✅
• Safe-outputs: add-comment: ✅
• Security: permissions: read-all enforced ✅
• Scores: Trigger 5, Tools 4, Security 5, Prompt 4, Completeness 4 — Avg 4.4
• Notes: Agent correctly infers network ecosystem. Prompt would include specific schema diff analysis instructions.

Scenario 2 — DevOps Engineer: Failed Deployment Log Analysis

• Trigger: workflow_run (types: [completed], workflows: ["deploy"]) ✅
• Tools: agentic-workflows: (logs + audit) + github: toolsets: [actions] ✅
• Network: defaults ✅
• Safe-outputs: create-issue: for incidents ✅
• Security: permissions: actions: read correctly added ✅
• Scores: Trigger 5, Tools 5, Security 5, Prompt 4, Completeness 4 — Avg 4.6
• Notes: Strongest scenario — agent has explicit documentation for this pattern (cache-memory tip for deduplication of run IDs).

Scenario 3 — QA Tester: Test Coverage PR Analysis

• Trigger: pull_request ✅
• Tools: github: toolsets: [default] ✅
• Network: defaults + go ✅
• Safe-outputs: add-comment: ✅
• Security: permissions: read-all ✅
• Scores: Trigger 5, Tools 4, Security 5, Prompt 3, Completeness 3 — Avg 4.0
• Notes: Agent may not suggest running actual test commands or accessing coverage artifacts. The prompt body guidance for "analyze coverage diff from artifact" may be underdeveloped.

Scenario 4 — Product Manager: Weekly Feature Digest

• Trigger: schedule: weekly (fuzzy, auto-adds workflow_dispatch) ✅
• Tools: github: toolsets: [issues, pull_requests] ✅
• Network: defaults ✅
• Safe-outputs: create-discussion: ✅
• Security: permissions: read-all ✅
• Scores: Trigger 5, Tools 4, Security 5, Prompt 3, Completeness 3 — Avg 4.0
• Notes: Fuzzy schedule pattern is well-handled. The prompt body for "group by customer impact" is vague — agent would need project/label taxonomy from the user.

View Areas for Improvement

• Coverage artifact analysis: No documented pattern for reading CI coverage artifacts from a PR. QA and Backend scenarios that need artifact data lack a clear tool path.
• Interactive vs. non-interactive mode gap: In non-interactive (issue form) mode, the agent may produce a generic workflow without enough tailoring for domain-specific prompts (e.g., schema migration rules for DB engineers).
• Missing tool tracking: missing-tool: create-issue: true is listed as a best practice for new workflows but is only noted in a side-comment — not consistently emphasized during generation.

---

Recommendations

1. Add coverage artifact tool guidance to .github/aw/github-agentic-workflows.md: Document a pattern for reading GitHub Actions artifacts (e.g., coverage XML, test results) within PR-triggered workflows, since this is a common QA and backend need.
2. Strengthen domain-specific prompt templates in .github/aw/create-agentic-workflow.md: Add example prompt bodies for the most common personas (schema review, coverage analysis, deployment monitoring) so non-interactive mode produces higher-quality, actionable prompts out of the box.
3. Prominently surface missing-tool tracking in new workflow checklist: The missing-tool: create-issue: true guidance is valuable but easy to miss — consider adding it to the generation checklist (line ~841 in create-agentic-workflow.md) as a default recommendation for all new workflows.

---

References:

• §25033072752

Generated by Agent Persona Explorer · ● 452.5K · ◷

[github-actions[bot]]

This discussion has been marked as outdated by Agent Persona Explorer.

A newer discussion is available at Discussion #29038.