[Safe Outputs Conformance] SEC-003: Core safe output handlers missing max limit enforcement #15804

@github-actions

Conformance Check Failure

Check ID: SEC-003
Severity: MEDIUM
Category: Security
Date: 2026-02-14
Run ID: §22025666977

Problem Description

The conformance checker identified that several core safe output handlers do not enforce maximum limits on array/collection parameters. This violates the Safe Outputs specification requirement that handlers must enforce configured maximum limits to prevent resource exhaustion and abuse.

Impact: Without max limit enforcement:

  • Agents could create excessive issues, labels, or assignments in a single operation
  • Potential for resource exhaustion attacks
  • Difficult to control agent behavior and costs
  • Risk of accidental or malicious spam

Affected Core Handlers

The following critical safe output handlers lack max limit enforcement:

  • create_issue.cjs - Could create unlimited sub-issues
  • create_discussion.cjs - No limit on batch operations
  • create_pull_request.cjs - No validation on file counts
  • update_issue.cjs - No limits on updates
  • update_discussion.cjs - No limits on updates
  • add_labels.cjs - Could add unlimited labels
  • assign_issue.cjs - Could assign to unlimited users

Note: 185 total handlers were flagged, but these 7 core handlers are the highest priority for remediation.

Current Behavior

These handlers accept array parameters (e.g., labels, assignees) or support batch operations without validating against configured maximum limits. Operations proceed regardless of size.

Expected Behavior

Per the Safe Outputs specification, all handlers MUST:

  1. Define maximum limits for collection/array parameters in their configuration
  2. Validate input lengths against these limits before processing
  3. Reject operations exceeding limits with clear error messages (E003: limit exceeded)
  4. Document the limits in their MCP tool schema

Remediation Steps

For each affected handler:

  1. Define max limits in handler configuration:

    const MAX_LABELS = 10;
    const MAX_ASSIGNEES = 5;
    const MAX_ISSUES = 10;

  2. Add validation before API calls:

    if (labels && labels.length > MAX_LABELS) {
      throw new Error(`E003: Cannot add more than ${MAX_LABELS} labels (received ${labels.length})`);
    }

  3. Update MCP schemas to document limits in tool definitions

  4. Add tests to verify limit enforcement

Verification

After remediation, verify the fix by running:

bash scripts/check-safe-outputs-conformance.sh

The check SEC-003 should pass for the remediated handlers.

References

  • Safe Outputs Specification: docs/src/content/docs/reference/safe-outputs-specification.md (Section: "Security Requirements")
  • Conformance Checker: scripts/check-safe-outputs-conformance.sh
  • Related: 185 total handlers need limit enforcement (this issue focuses on 7 core handlers)

Generated by Daily Safe Outputs Conformance Checker

  • expires on Feb 15, 2026, 11:01 PM UTC
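
One way to centralize the check described under "Expected Behavior" and "Remediation Steps", as an added example that is not the project's own code. The limit values are the ones suggested in the issue; `DEFAULT_MAX`, `LimitExceededError`, `resolveMax`, `enforceLimits`, `withLimits` and the config shape are hypothetical names chosen for illustration.

```javascript
// Added example: limit values come from the issue; every name here is hypothetical.
const DEFAULT_MAX = Object.freeze({ labels: 10, assignees: 5, issues: 10 });

class LimitExceededError extends Error {
  constructor(field, max, received) {
    super(`E003: Cannot accept more than ${max} ${field} (received ${received})`);
    this.name = "LimitExceededError";
    this.code = "E003";
  }
}

// Fail closed: a missing, zero, negative or non-integer max must not disable the limit.
function resolveMax(field, config = {}) {
  const value = config[field] === undefined ? DEFAULT_MAX[field] : config[field];
  if (!Number.isInteger(value) || value < 1) {
    throw new TypeError(`No valid max configured for "${field}"`);
  }
  return value;
}

// Validate every listed collection parameter before any side effect happens.
function enforceLimits(params, fields, config) {
  for (const field of fields) {
    const max = resolveMax(field, config);
    const value = params[field];
    if (value === undefined || value === null) continue;
    // A non-array has no meaningful length: `{}.length > max` is false and
    // would slip past a bare length comparison.
    if (!Array.isArray(value)) throw new TypeError(`"${field}" must be an array`);
    if (value.length > max) throw new LimitExceededError(field, max, value.length);
  }
}

// Wrap a handler so validation always runs before the handler body (and its API calls).
function withLimits(fields, config, handler) {
  return params => {
    enforceLimits(params, fields, config);
    return handler(params);
  };
}

// Constructed demo: a stub handler that records what would have been sent to the API.
const apiCalls = [];
const addLabels = withLimits(["labels"], { labels: 3 }, params => {
  apiCalls.push(params.labels);
  return { added: params.labels.length };
});
```
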
