Access denied: Potential confused deputy attack detected. Actor '<account_name>' does not match the event author. The workflow may have been triggered indirectly via a bot command.

[maikelvdh]

When having frontmatter configuration like:

on:
  pull_request:
    types: [opened, reopened, synchronize]

We are noticing on events like: PR Release Notes #1: Pull request https://github.com/<org>/<repo>/pull/1 synchronize by <actor_name> the following error in pre-activation:

Access denied: Potential confused deputy attack detected. Actor '<actor_name>' does not match the event author. The workflow may have been triggered indirectly via a bot command.

The <actor_name> is matching 100% in both the event and error message.

[pelikhan]

Could you ask the agentic-workflows agent to debug this issue deeper to determine what hapened?

[MaikelvandenHurk-TomTom]

The problem is that it is not accounted as error, but rather as warning in the pre-activation stage which is marked as success still. Nevertheless when trying to debug it further for the reason it turns out that if the original PR creator actor isn't matching with the actor of the last commits to PR. That means in practice it isn't fully about the last event actor, which means that collaboration on a single PR isn't possible with agentic workflow as such?