docs: replace unsafe step implementation in post-processing pattern example#18792

Merged
pelikhan merged 2 commits intomainfrom
copilot/fix-unsafe-expression-in-docs
Feb 28, 2026

Conversation

Copilot AI commented Feb 28, 2026

The post-processing pattern example in the deterministic agentic patterns guide used ${{ inputs.summary }} and ${{ github.event.pull_request.number }} directly in shell run commands — a template injection pattern the compiler actively rejects, making the docs contradict actual behavior.

Changes

  • docs/src/content/docs/guides/deterministic-agentic-patterns.md: Replace the 5-line unsafe `steps:` implementation with `- ...` to avoid showing a copy-pasteable injection-vulnerable example while preserving the structural intent of the snippet.

Before:

steps:
  - run: |
      echo "## 🤖 AI Code Review\n\n${{ inputs.summary }}" > /tmp/report.md
      gh pr comment ${{ github.event.pull_request.number }} --body-file /tmp/report.md
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

After:

steps:
  - ...
Original prompt

This section details the original issue you should resolve

<issue_title>Your Docs Provide an Unsafe Expression</issue_title>
<issue_description>In your examples, this expression is given (https://github.github.com/gh-aw/guides/deterministic-agentic-patterns/#post-processing-pattern):

format-and-notify:
      description: "Format and post review"
      runs-on: ubuntu-latest
      inputs:
        summary: {required: true, type: string}
      steps:
        - run: |
            echo "##  AI Code Review\n\n${{ inputs.summary }}" > /tmp/report.md
            gh pr comment ${{ github.event.pull_request.number }} --body-file /tmp/report.md
          env:
            GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

But if you try to actually compile this it fails:

The following expressions are used directly in shell commands, which enables template injection attacks:

  workflow inputs context (1 occurrence(s)):
    - ${{ inputs.summary }}
      in: echo "##  AI Code Review\n\n${{ inputs.summary }}" > /tmp/report.md

  github.event context (1 occurrence(s)):
    - ${{ github.event.pull_request.number }}
      in: gh pr comment ${{ github.event.pull_request.number }} --body-file /tmp/report.md

Security Risk:
  When expressions are used directly in shell commands, an attacker can inject
  malicious code through user-controlled inputs (issue titles, PR descriptions,
  comments, etc.) to execute arbitrary commands, steal secrets, or modify the repository.

Safe Pattern - Use environment variables instead:
  env:
    MY_VALUE: ${{ github.event.issue.title }}
  run: |
    echo "Title: $MY_VALUE"

Unsafe Pattern - Do NOT use expressions directly:
  run: |
    echo "Title: ${{ github.event.issue.title }}"  # UNSAFE!

References:
  - https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions
  - https://docs.zizmor.sh/audits/#template-injection
  - scratchpad/template-injection-prevention.md

I'm trying to provide inputs and it's confusing when your own docs contradict the way the compiler step works.

For instance, it's unclear to me if this is the expected way to do this? Will this work?

# When it's done generating the summary, the agent will use a "safe output" (see https://github.github.io/gh-aw/reference/custom-safe-outputs/)
safe-outputs:
  jobs:
    send-slack-summary:
      description: "Sends notification to Slack"
      runs-on: ubuntu-latest
      inputs:
        summary:
            required: true
            type: string
      steps:
        - run: ./mise/tasks/github/slack/release-summary --tag "$TAG" --summary "$SUMMARY" --webhook-url "$SLACK_RELEASES_WEBHOOK_URL"
          env:
            TAG: ${{ inputs.release_tag }}
            SLACK_RELEASES_WEBHOOK_URL: ${{ secrets.SLACK_RELEASES_WEBHOOK_URL }}
            SUMMARY: ${{ inputs.summary }}
</issue_description>

## Comments on the Issue (you are @copilot in this section)

<comments>
<comment_new><author>@pelikhan</author><body>
Remove steps details in the docs, use ...</body></comment_new>
</comments>


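A minimal checker, added here as an illustration and not part of gh-aw or this PR, that mirrors the compiler rule quoted in the issue: report every `${{ }}` expression that appears inside a `run:` command, grouped by context. Both workflow snippets are constructed inputs; the second is the same post-processing job rewritten with the env-variable pattern that the compiler message itself recommends.

```python
import re

# A `run:` key (optionally a list item) with optional block indicator (| or >) and
# optional inline command; and a ${{ ... }} expression.
RUN_KEY = re.compile(r"^(\s*)(-\s+)?run:\s*(\|[-+]?|>[-+]?)?\s*(.*)$")
EXPR = re.compile(r"\$\{\{\s*([^}]*?)\s*\}\}")

def find_unsafe_expressions(workflow_yaml: str) -> list[tuple[str, str, str]]:
    """Return (context, expression, shell_line) for every ${{ }} inside a run: command.
    Toy checker for this example, not the gh-aw compiler: no YAML parser, it only follows
    `run:` keys carrying an inline command or a |/> block scalar (no blank lines inside)."""
    findings, lines, i = [], workflow_yaml.splitlines(), 0
    while i < len(lines):
        m = RUN_KEY.match(lines[i])
        if not m:
            i += 1
            continue
        key_col = len(m.group(1)) + len(m.group(2) or "")
        body = [m.group(4)] if m.group(4) else []
        if m.group(3):  # block scalar: body is every following line indented past the key
            while i + 1 < len(lines) and len(lines[i + 1]) - len(lines[i + 1].lstrip(" ")) > key_col:
                i += 1
                body.append(lines[i])
        for shell_line in body:
            for expr in EXPR.findall(shell_line):
                parts = expr.split(".")  # group like the compiler: "inputs", "github.event", ...
                ctx = ".".join(parts[:2]) if parts[0] == "github" else parts[0]
                findings.append((ctx, expr, shell_line.strip()))
        i += 1
    return findings

# Constructed input: the doc snippet the PR removes (expressions inside run:).
BEFORE = """\
steps:
  - run: |
      echo "## AI Code Review\\n\\n${{ inputs.summary }}" > /tmp/report.md
      gh pr comment ${{ github.event.pull_request.number }} --body-file /tmp/report.md
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
"""
# Constructed input: the same job with the expressions hoisted into env (the safe
# pattern from the compiler message), so the shell only ever sees quoted variables.
AFTER_SAFE = """\
steps:
  - run: |
      printf '## AI Code Review\\n\\n%s\\n' "$SUMMARY" > /tmp/report.md
      gh pr comment "$PR_NUMBER" --body-file /tmp/report.md
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      PR_NUMBER: ${{ github.event.pull_request.number }}
      SUMMARY: ${{ inputs.summary }}
"""
```

Running `find_unsafe_expressions` over `BEFORE` reports the two occurrences the compiler lists; over `AFTER_SAFE` it reports none, because the expressions now live under `env:` rather than in the shell text.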

…essing pattern

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title from [WIP] Fix unsafe expression in documentation examples to docs: replace unsafe step implementation in post-processing pattern example Feb 28, 2026
@pelikhan pelikhan marked this pull request as ready for review February 28, 2026 05:00
Copilot AI review requested due to automatic review settings February 28, 2026 05:00
@pelikhan pelikhan merged commit a06cf97 into main Feb 28, 2026
@pelikhan pelikhan deleted the copilot/fix-unsafe-expression-in-docs branch February 28, 2026 05:00
Copilot AI left a comment

Pull request overview

Updates the deterministic agentic patterns guide to avoid documenting an unsafe (and compiler-rejected) GitHub Actions template-injection pattern in the post-processing example.

Changes:

  • Replaces the detailed steps: implementation in the “Post-Processing Pattern” snippet with a placeholder to avoid showing an injection-vulnerable copy/paste example.

gh pr comment ${{ github.event.pull_request.number }} --body-file /tmp/report.md
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- ...
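Review bot: The replacement `- ...` is not a valid step object, so the documented `steps:` block no longer compiles as a workflow once a reader fills it in literally. If the example is meant to stay runnable, the visible `gh pr comment ${{ github.event.pull_request.number }} --body-file /tmp/report.md` line can be kept with the PR number and the summary moved into the adjacent `env:` block alongside `GH_TOKEN` and referenced as quoted shell variables, which is the safe pattern the compiler message itself prints; that shows the correct idiom instead of eliding it.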
Copilot AI Feb 28, 2026

The placeholder

    steps:
      - ...

is not a valid GitHub Actions step shape (steps must be objects with `run:`/`uses:`). As written, a reader copying this snippet will get a workflow validation error. Consider replacing this with a minimal *valid* stub step (e.g., a `name:` plus a harmless `run:`) and/or add a comment indicating the implementation is intentionally omitted, while still avoiding unsafe `${{ }}` usage in `run:`.
Suggested change
- ...
- name: Placeholder format-and-notify step
run: echo "TODO: implement format-and-notify steps"

Successfully merging this pull request may close these issues.

Your Docs Provide an Unsafe Expression

3 participants