Frequently Asked Questions
GitHub Agentic Workflows: The Next Evolution of Repository Automation for Power Platform and Enterprise Developers
No. As of March 2026, GitHub Agentic Workflows are in technical preview. The feature is under active development, and APIs and workflow syntax are subject to change. Use them for experimentation and early adoption, but plan for breaking changes before general availability.
Yes. Running AI agents consumes API tokens from your chosen provider (Anthropic, OpenAI, or GitHub Copilot). Each workflow run incurs costs based on the tokens processed. Monitor usage carefully, especially for scheduled workflows that run frequently.
No. By design, GitHub Agentic Workflows never merge PRs automatically. Agents can create pull requests with proposed changes, but human review and approval are always required before merging. This is a core security principle of the platform.
Currently, GitHub Agentic Workflows support three AI engines:
GitHub Copilot CLI (requires COPILOT_GITHUB_TOKEN)
Anthropic Claude Code (requires ANTHROPIC_API_KEY)
OpenAI Codex (requires OPENAI_API_KEY)
Workflow definitions are agent-independent, so you can switch between engines without rewriting your workflows.
claude or gh copilot in a GitHub Actions YAML step?
GitHub Agentic Workflows enforce a principle of least privilege by default. Unlike running agents directly in YAML (which grants broad permissions), agentic workflows use:
Read-only access by default
Explicit safe-output declarations for any write operations
Sandboxed execution environments
Network isolation and tool allow-listing
Full auditability of all agent actions
This makes them safer for continuous, unattended operation.
Yes, but you must ensure your API keys and secrets are properly configured as repository secrets. The security model works the same for public and private repositories.
The primary risks include:
Prompt injection: Malicious inputs from issues, PRs, or comments could potentially manipulate agent behavior
Cost exposure: Unbounded workflow executions could consume significant API tokens
Generated noise: Poorly configured agents might create low-quality automated PRs or issues
Start with read-only reporting workflows and expand deliberately. Always review what your agents produce.
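As an added illustration (not code from the original page or from GitHub), the check below reads a workflow file's frontmatter and flags granted write permissions and scheduled triggers, the settings behind the write-access and cost-exposure concerns above. The frontmatter key names (on, permissions, safe-outputs, add-comment) and both sample files are constructed assumptions; the preview syntax may differ.

```python
import re

# Constructed samples: workflow Markdown files with YAML frontmatter.
# Key names (on, permissions, safe-outputs) are assumptions about the preview syntax.
RISKY = """---
on:
  schedule:
    - cron: "*/5 * * * *"
permissions:
  contents: write
  issues: read
---
Triage new issues and push fixes.
"""

SAFER = """---
on:
  issues:
    types: [opened]
permissions:
  contents: read
safe-outputs:
  add-comment:
---
Summarize the new issue in a comment.
"""

def frontmatter(text):
    """Return the lines between the opening and closing '---' fences."""
    parts = text.split("---\n", 2)
    return parts[1].splitlines() if len(parts) == 3 and not parts[0].strip() else []

def audit(text):
    """Flag frontmatter settings that widen write access or unattended spend."""
    findings, section = [], None
    for line in frontmatter(text):
        m = re.match(r"^(\s*)([\w-]+):\s*(.*)$", line)
        if not m:
            continue  # list items, comments, blank lines
        indent, key, value = m.groups()
        if not indent:
            section = key  # entering a new top-level block
            if key == "permissions" and value.startswith("write"):
                findings.append("permissions: blanket write access")
        elif section == "permissions" and value.strip() == "write":
            findings.append(f"permissions.{key}: write (declare a safe output instead)")
        elif section == "on" and key == "schedule":
            findings.append("on.schedule: unattended runs consume tokens on every tick")
    return findings
```

Calling audit(RISKY) returns two findings and audit(SAFER) returns none; the line-based parsing covers only the simple nesting shown in the samples, not full YAML.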
Minimal YAML knowledge is required. You need to configure basic frontmatter (triggers, permissions, outputs), but the core workflow logic is expressed in natural language Markdown. The gh aw CLI generates standard GitHub Actions YAML from your Markdown definition.
Yes. You can declare custom tools and Model Context Protocol (MCP) servers in the workflow frontmatter, and they’ll be available to the agent during execution — within the sandboxed environment and subject to network isolation rules.
Agentic workflow executions appear as standard GitHub Actions runs in your repository’s Actions tab. You can view logs, execution steps, and agent outputs just like any other workflow. The natural language prompt is also visible in the workflow file for iterative refinement.
The workflow will fail with an error indicating the token limit was exceeded. You’ll need to either simplify the task, increase your API token quota, or break the workflow into smaller, more focused tasks.
Only if explicitly whitelisted through the Agent Workflow Firewall (AWF) configuration. By default, agents are network-isolated and can only access GitHub APIs and resources you explicitly permit.