Agent Persona Exploration - 2026-04-04

[github-actions[bot]]

This report summarizes an exploration of how the agentic-workflows custom agent responds to workflow creation requests from 5 different software worker personas. Seven representative scenarios were tested and evaluated across 5 quality dimensions.

Persona Overview

• Agent: agentic-workflows (create mode)
• Scenarios Tested: 7 (across 5 personas)
• Average Quality Score: 4.5/5.0
• Test Date: 2026-04-04

Key Findings

• Security posture is consistently strong (avg 4.9/5) — the agent reliably applies read-only agent job permissions and routes all writes through safe-outputs
• Trigger selection is accurate (avg 4.7/5) — correct trigger types (pull_request, workflow_run, schedule: weekly) are chosen with appropriate path filters
• Tool selection is accurate (avg 4.7/5) — tools.github is used for GitHub API access (not network.allowed), and playwright is correctly suggested for browser tasks
• Prompt clarity is the weakest dimension (avg 3.9/5) — complex multi-step agent chains lack explicit edge-case handling (artifact unavailability, timing, missing secrets guidance)
• Completeness drops on complex scenarios — visually-intensive (fe-1) and artifact-dependent (qa-1) workflows received the lowest scores due to architectural gaps not surfaced proactively

Top Patterns

1. Dominant triggers: pull_request (path-filtered) for code automation, schedule: weekly (fuzzy) for digests, workflow_run for reactive deployment monitoring
2. Common tools: tools.github (toolsets: default) in every scenario; bash for local file analysis; playwright for visual tasks; network.allowed only for external APIs
3. Security consistency: All scenarios correctly used safe-outputs for writes, read-only permissions:, and noop safe-output for no-op paths — no insecure configurations observed

View High Quality Responses (Score ≥ 4.6)

pm-1 — Weekly Feature Digest (5.0/5): Textbook minimal-footprint workflow. Pure tools.github read + one create-discussion safe-output, no network access, fuzzy weekly schedule. Ideal reference example for PM-style reporting workflows.

be-1 — DB Migration Risk Assessor (4.8/5): Excellent use of paths: db/migrations/** trigger filter. Uses bash cat for local file analysis (more reliable than GitHub API fetches). hide-older-comments: true on the comment safe-output keeps PR threads clean across re-pushes.

be-2 — Performance Alert Triage (4.8/5): Notable insight: roles: all is critical for monitoring-bot-created issues. Without it, the workflow silently skips the most important triggers. Strong tools.github default usage for commit/PR search.

do-1 — Deployment Incident Creator (4.6/5): Correctly uses workflow_run trigger with noop safe-output for the success path. The deliberate close-older-issues: false on incident issues is a thoughtful safety practice — incidents should require manual triage.

View Areas for Improvement (Score ≤ 4.2)

fe-1 — Visual Regression Reporter (4.0/5): The agent proposes a single workflow but a production-ready implementation requires two: one on push to main to capture baseline screenshots as artifacts, and one on pull_request to fetch and compare. The agent does not proactively surface this architectural requirement. Prompt score suffered for insufficient guidance on baseline strategy.

qa-1 — Coverage Regression (4.0/5): Artifact availability is timing-dependent — CI may still be running when the PR is opened. The agent proposes pull_request trigger but doesn't suggest the superior workflow_run trigger (keyed to CI completing), which guarantees artifacts exist. The multi-step chain (find run → download artifact → diff JSON → format comment) needs explicit prompt steps to avoid ambiguous LLM behavior.

do-2 — Weekly Cost Digest (4.2/5): Secret binding gap — the agent correctly infers COST_API_TOKEN is needed but places it in the prompt description rather than providing guidance on secret declaration. Minor security gap: no HTTPS enforcement guidance for the internal API endpoint.

Recommendations

1. Add artifact-workflow timing guidance to .github/aw/create-agentic-workflow.md: When a user requests "read CI artifacts on PR open", proactively suggest the workflow_run trigger (keyed to the CI workflow completing) instead of pull_request to guarantee artifact availability. Add a heuristic: "If the task requires CI artifacts, use workflow_run not pull_request."

2. Add multi-workflow composition guidance to .github/aw/github-agentic-workflows.md: For visual regression and similar stateful comparisons, document the baseline + comparison two-workflow pattern explicitly. The agent should recognize when a single workflow cannot capture both sides of a diff (before/after state) and proactively explain the split.

3. Add secret binding conventions to .github/aw/create-agentic-workflow.md: When network.allowed is configured for an external API, the agent should remind users to declare the required secret (e.g., API_TOKEN) as a GitHub repository secret and reference it in the prompt with a standard pattern. This prevents secret-handling ambiguity and reduces incomplete configurations.

Scenario Score Breakdown

Scenario	Persona	Type	Trigger	Tools	Security	Prompt	Complete	Avg
pm-1 Weekly Digest	Product Manager	Scheduled	5	5	5	5	5	5.0
be-1 Schema Review	Backend Engineer	PR automation	5	5	5	4	5	4.8
be-2 Alert Triage	Backend Engineer	Issue automation	5	5	5	4	5	4.8
do-1 Incident Creator	DevOps Engineer	Issue automation	5	5	5	4	4	4.6
do-2 Cost Digest	DevOps Engineer	Scheduled	5	4	4	4	4	4.2
fe-1 Visual Regression	Frontend Developer	PR automation	4	5	5	3	3	4.0
qa-1 Coverage Check	QA Tester	PR automation	4	4	5	3	4	4.0
Averages			4.7	4.7	4.9	3.9	4.3	4.5

References: §23970400897

Generated by Agent Persona Explorer · ● 1.2M · ◷

[github-actions[bot]]

This discussion has been marked as outdated by Agent Persona Explorer.

A newer discussion is available at Discussion #24656.