Problem
Two related issues in the generated agent prompt that together leave the agent without a clear understanding of what safeoutputs is or how to invoke it.
1. mcp_cli_tools_prompt.md lost all concept explanation (Jun 3, commit 04ef6cc)
PR #36778 replaced the 68-line mcp-clis block with a 5-line stub in the name of prompt size reduction. The removed content included:
- An explanation that CLI servers are standalone executables invoked from bash (not MCP tools)
- A clear statement that safeoutputs and mcpscripts must be called as CLI commands, not via MCP
- Concrete bash examples for safeoutputs, playwright, and mcpscripts
- The JSON stdin approach with a real example
The current block gives an agent no mental model of what a "CLI server" is:
<mcp-clis>
CLI servers are available on `PATH`:
- `safeoutputs` — run `safeoutputs --help` to see available tools
Use `<server> --help` for tool names, parameters, and examples before calling any command.
To pass many arguments safely, pipe a JSON object on stdin with `printf` and pass `.` as the payload sentinel: ...
</mcp-clis>
2. safe_outputs_prompt.md line 2 calls safeoutputs an "MCP server" — contradicting the CLI framing
gh CLI is NOT authenticated. Use safeoutputs MCP server tools for GitHub writes...
The agent is simultaneously told in <mcp-clis> that safeoutputs is a "CLI server" and in <safe-outputs> that it is an "MCP server". An agent that doesn't understand the concept may fall back to trying MCP tool calls.
Impact
Observed in run https://github.com/github/github-automation/actions/runs/27649385891/job/81769559261#step:15:12 — the generated prompt has both contradictory descriptions and no explanation of the CLI invocation model.
Suggested fix
- Restore a brief concept sentence to mcp_cli_tools_prompt.md, e.g. "Each server is a standalone executable on PATH — invoke it from bash like any shell command (e.g. safeoutputs add_comment --item_number 42 --body "...")."
- Fix line 2 of safe_outputs_prompt.md to say "CLI tool" instead of "MCP server":
  - Before: Use safeoutputs MCP server tools for GitHub writes
  - After: Use the safeoutputs CLI tool for GitHub writes
References
- 04ef6cc988 (PR "Replace MCP CLI system-block prompt with slim version (no feature flag)" #36778)
- actions/setup/md/safe_outputs_prompt.md, line 2
- actions/setup/md/mcp_cli_tools_prompt.md