diff --git a/.github/workflows/breaking-change-checker.lock.yml b/.github/workflows/breaking-change-checker.lock.yml
index 3bfacb2ba0..878ec718c8 100644
--- a/.github/workflows/breaking-change-checker.lock.yml
+++ b/.github/workflows/breaking-change-checker.lock.yml
@@ -643,11 +643,17 @@ jobs:
           
           ### If NO Breaking Changes Found
           
-          Output a noop message:
+          **YOU MUST CALL** the `noop` tool to log completion:
           
+          ```json
+          {
+            "noop": {
+              "message": "No breaking changes detected in commits from the last 24 hours. Analysis complete."
+            }
+          }
           ```
-          No breaking changes detected in commits from the last 24 hours. Analysis complete.
-          ```
+          
+          **DO NOT just write this message in your output text** - you MUST actually invoke the `noop` tool. The workflow will fail if you don't call it.
           
           Do NOT create an issue if there are no breaking changes.
           
diff --git a/.github/workflows/breaking-change-checker.md b/.github/workflows/breaking-change-checker.md
index cb3bfb0986..dfd52fae28 100644
--- a/.github/workflows/breaking-change-checker.md
+++ b/.github/workflows/breaking-change-checker.md
@@ -129,12 +129,18 @@ Is it removing schema fields or making optional fields required?
 
 ### If NO Breaking Changes Found
 
-Output a noop message:
-
-```
-No breaking changes detected in commits from the last 24 hours. Analysis complete.
+**YOU MUST CALL** the `noop` tool to log completion:
+
+```json
+{
+  "noop": {
+    "message": "No breaking changes detected in commits from the last 24 hours. Analysis complete."
+  }
+}
 ```
 
+**DO NOT just write this message in your output text** - you MUST actually invoke the `noop` tool. The workflow will fail if you don't call it.
+
 Do NOT create an issue if there are no breaking changes.
 
 ### If Breaking Changes Found
diff --git a/.github/workflows/daily-malicious-code-scan.lock.yml b/.github/workflows/daily-malicious-code-scan.lock.yml
index 75f1e1718e..2174b07956 100644
--- a/.github/workflows/daily-malicious-code-scan.lock.yml
+++ b/.github/workflows/daily-malicious-code-scan.lock.yml
@@ -874,7 +874,7 @@ jobs:
           - ✅ Scans for secret exfiltration patterns
           - ✅ Detects out-of-context code
           - ✅ Checks for suspicious system operations
-          - ✅ Generates code-scanning alerts (not issues) for findings
+          - ✅ **Calls the `create_code_scanning_alert` tool for findings OR calls the `noop` tool if clean**
           - ✅ Provides detailed, actionable alert descriptions
           - ✅ Completes within 15-minute timeout
           - ✅ Handles repositories with no changes gracefully
@@ -884,12 +884,14 @@ jobs:
           Your output MUST:
           
           1. **If suspicious patterns are found**:
-             - Generate code-scanning alerts using the `create_code_scanning_alert` output format
+             - **CALL** the `create_code_scanning_alert` tool for each finding
              - Each alert must include: rule_id, message, severity, file_path, start_line, description
              - Provide detailed descriptions explaining the threat and remediation
           
-          2. **If no suspicious patterns are found**:
-             - Use the `noop` output to log completion:
+          2. **If no suspicious patterns are found** (REQUIRED):
+             - **YOU MUST CALL** the `noop` tool to log completion
+             - This is a **required safe output** - the workflow will fail if you don't call it
+             - Call the tool with this message structure:
              ```json
              {
                "noop": {
@@ -897,6 +899,7 @@ jobs:
                }
              }
              ```
+             - **DO NOT just write this message in your output text** - you MUST actually invoke the `noop` tool
           
           3. **Analysis summary** (in alert descriptions or noop message):
              - Number of files analyzed
@@ -929,6 +932,14 @@ jobs:
           }
           ```
           
+          ## ⚠️ CRITICAL REMINDER
+          
+          **YOU MUST produce a safe output:**
+          - **If threats found**: Call the `create_code_scanning_alert` tool for each finding
+          - **If no threats found**: Call the `noop` tool with a completion message
+          
+          **The workflow WILL FAIL if you don't call one of these tools.** Writing a message in your output text is NOT sufficient - you must actually invoke the tool.
+          
           Begin your daily malicious code scan now. Analyze all code changes from the last 3 days, identify suspicious patterns, and generate appropriate code-scanning alerts for any threats detected.
           
           PROMPT_EOF
diff --git a/.github/workflows/daily-malicious-code-scan.md b/.github/workflows/daily-malicious-code-scan.md
index 1ecc4cedc0..3290d4c5b4 100644
--- a/.github/workflows/daily-malicious-code-scan.md
+++ b/.github/workflows/daily-malicious-code-scan.md
@@ -256,7 +256,7 @@ A successful malicious code scan:
 - ✅ Scans for secret exfiltration patterns
 - ✅ Detects out-of-context code
 - ✅ Checks for suspicious system operations
-- ✅ Generates code-scanning alerts (not issues) for findings
+- ✅ **Calls the `create_code_scanning_alert` tool for findings OR calls the `noop` tool if clean**
 - ✅ Provides detailed, actionable alert descriptions
 - ✅ Completes within 15-minute timeout
 - ✅ Handles repositories with no changes gracefully
@@ -266,12 +266,14 @@ A successful malicious code scan:
 Your output MUST:
 
 1. **If suspicious patterns are found**:
-   - Generate code-scanning alerts using the `create_code_scanning_alert` output format
+   - **CALL** the `create_code_scanning_alert` tool for each finding
    - Each alert must include: rule_id, message, severity, file_path, start_line, description
    - Provide detailed descriptions explaining the threat and remediation
 
-2. **If no suspicious patterns are found**:
-   - Use the `noop` output to log completion:
+2. **If no suspicious patterns are found** (REQUIRED):
+   - **YOU MUST CALL** the `noop` tool to log completion
+   - This is a **required safe output** - the workflow will fail if you don't call it
+   - Call the tool with this message structure:
    ```json
    {
      "noop": {
@@ -279,6 +281,7 @@ Your output MUST:
      }
    }
    ```
+   - **DO NOT just write this message in your output text** - you MUST actually invoke the `noop` tool
 
 3. **Analysis summary** (in alert descriptions or noop message):
    - Number of files analyzed
@@ -311,4 +314,12 @@ Your output MUST:
 }
 ```
 
+## ⚠️ CRITICAL REMINDER
+
+**YOU MUST produce a safe output:**
+- **If threats found**: Call the `create_code_scanning_alert` tool for each finding
+- **If no threats found**: Call the `noop` tool with a completion message
+
+**The workflow WILL FAIL if you don't call one of these tools.** Writing a message in your output text is NOT sufficient - you must actually invoke the tool.
+
 Begin your daily malicious code scan now. Analyze all code changes from the last 3 days, identify suspicious patterns, and generate appropriate code-scanning alerts for any threats detected.