From 86df70295dfb2cb39734069da7f23df3a9a0aa6b Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 24 Mar 2026 06:18:54 +0000
Subject: [PATCH 1/3] Initial plan


From 9dca63fc8310370aebdd2a0874e07458fb6fc7d0 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 24 Mar 2026 06:26:27 +0000
Subject: [PATCH 2/3] fix: SEC-004 add content sanitization for body field in
 assign_to_agent.cjs

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/e0eae109-12f4-4437-a8c3-6d3929bd3f78
---
 actions/setup/js/assign_to_agent.cjs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/actions/setup/js/assign_to_agent.cjs b/actions/setup/js/assign_to_agent.cjs
index 5697e233bfa..267f4e841e3 100644
--- a/actions/setup/js/assign_to_agent.cjs
+++ b/actions/setup/js/assign_to_agent.cjs
@@ -10,6 +10,7 @@ const { loadTemporaryIdMap, resolveRepoIssueTarget } = require("./temporary_id.c
 const { sleep } = require("./error_recovery.cjs");
 const { parseAllowedRepos, validateRepo, resolveTargetRepoConfig, resolveAndValidateRepo } = require("./repo_helpers.cjs");
 const { resolvePullRequestRepo } = require("./pr_helpers.cjs");
+const { sanitizeContent } = require("./sanitize_content.cjs");
 
 async function main() {
   const result = loadAgentOutput();
@@ -612,7 +613,7 @@ async function main() {
         owner: r.owner,
         repo: r.repo,
         issue_number: failedNumber,
-        body: `⚠️ **Assignment failed**: Failed to assign ${r.agent} coding agent to this ${failedType}.\n\nError: ${r.error}`,
+        body: sanitizeContent(`⚠️ **Assignment failed**: Failed to assign ${r.agent} coding agent to this ${failedType}.\n\nError: ${r.error}`),
       });
       core.info(`Posted failure comment on ${failedType} #${failedNumber} in ${r.owner}/${r.repo}`);
     } catch (commentError) {

From 200b18c07bab562ea5bef3d4c245cd95d02b202e Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 24 Mar 2026 11:38:14 +0000
Subject: [PATCH 3/3] fix: add maxLength cap and sanitization test for failure
 comment body

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/7eab21e8-ac57-4ae9-8dfb-570e171cc136
---
 actions/setup/js/assign_to_agent.cjs      |  2 +-
 actions/setup/js/assign_to_agent.test.cjs | 23 +++++++++++++++++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/actions/setup/js/assign_to_agent.cjs b/actions/setup/js/assign_to_agent.cjs
index 267f4e841e3..01a9df4f70a 100644
--- a/actions/setup/js/assign_to_agent.cjs
+++ b/actions/setup/js/assign_to_agent.cjs
@@ -613,7 +613,7 @@ async function main() {
         owner: r.owner,
         repo: r.repo,
         issue_number: failedNumber,
-        body: sanitizeContent(`⚠️ **Assignment failed**: Failed to assign ${r.agent} coding agent to this ${failedType}.\n\nError: ${r.error}`),
+        body: sanitizeContent(`⚠️ **Assignment failed**: Failed to assign ${r.agent} coding agent to this ${failedType}.\n\nError: ${r.error}`, { maxLength: 65000 }),
       });
       core.info(`Posted failure comment on ${failedType} #${failedNumber} in ${r.owner}/${r.repo}`);
     } catch (commentError) {
diff --git a/actions/setup/js/assign_to_agent.test.cjs b/actions/setup/js/assign_to_agent.test.cjs
index 775820d50aa..c2824a30350 100644
--- a/actions/setup/js/assign_to_agent.test.cjs
+++ b/actions/setup/js/assign_to_agent.test.cjs
@@ -1059,6 +1059,29 @@ describe("assign_to_agent", () => {
     );
   });
 
+  it("should sanitize dangerous content in failure comment body", async () => {
+    setAgentOutput({
+      items: [{ type: "assign_to_agent", issue_number: 11, agent: "copilot" }],
+      errors: [],
+    });
+
+    // Simulate an error whose message contains an @mention and an HTML comment —
+    // both are potentially dangerous if posted unsanitized.
+    const dangerousError = new Error("@admin triggered <!-- inject --> error");
+    mockGithub.graphql.mockRejectedValue(dangerousError);
+
+    await eval(`(async () => { ${assignToAgentScript}; await main(); })()`);
+
+    expect(mockGithub.rest.issues.createComment).toHaveBeenCalledTimes(1);
+    const [callArg] = mockGithub.rest.issues.createComment.mock.calls[0];
+    // The body must be a string (sanitizeContent never returns undefined)
+    expect(typeof callArg.body).toBe("string");
+    // The raw @mention should be neutralized (wrapped in backticks, not bare)
+    expect(callArg.body).not.toMatch(/(?<!`)@admin(?!`)/);
+    // The HTML comment should be stripped
+    expect(callArg.body).not.toContain("<!-- inject -->");
+  });
+
   it("should not post failure comment when ignore-if-error skips the assignment", async () => {
     process.env.GH_AW_AGENT_IGNORE_IF_ERROR = "true";
     setAgentOutput({