A developer asks Copilot CLI to repair a failing release pipeline. Copilot proposes a command sequence that uses a broad token already exported in the terminal session. Which option is the best guardrail response?
cd ~/work/payments-api
export GH_TOKEN="$ADMIN_PAT"
copilot
# Prompt:
# Fix the release workflow and update the production deployment job.
# Copilot-proposed commands:
gh secret set CLOUD_ADMIN_TOKEN --body "$CLOUD_ADMIN_TOKEN"
gh workflow run release.yml --ref main
gh pr merge 417 --squash --delete-branchChoose an answer
Tap an option to check your answer.
Correct answer: Stop and require human review of token scope and merge action.
Why this is the answer
The correct answer is to stop and require human review because the proposed commands present significant security and operational risks. The command gh secret set CLOUDADMINTOKEN --body "$CLOUDADMINTOKEN" attempts to set a secret using a broad token ($ADMINPAT) that was previously exported. This could inadvertently expose a highly privileged token, especially if $CLOUDADMINTOKEN is also broad. Additionally, gh pr merge 417 --squash --delete-branch performs an irreversible merge and branch deletion without human oversight, which is risky for a production release. Running the commands because Copilot generated them locally is incorrect as local generation doesn't guarantee safety or correctness. Replacing the PAT with github.token inside the workflow is a good security practice for workflows but doesn't address the immediate risks of the proposed commands or the merge action. Moving the commands into a reusable workflow file is a good practice for reusability but doesn't mitigate the security and operational risks of the specific commands proposed.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed