getsentry · nicohrubec · Feb 19, 2026 · cursor · Feb 19, 2026 · chargome
diff --git a/.github/workflows/fix-security-vulnerability.yml b/.github/workflows/fix-security-vulnerability.yml
@@ -28,17 +28,24 @@ jobs:
         with:
           ref: develop
 
+      - name: Extract alert number
+        id: alert
+        run: |
+          INPUT="${{ github.event.inputs.alert }}"
+          echo "number=${INPUT##*/}" >> "$GITHUB_OUTPUT"
+
       - uses: anthropics/claude-code-action@v1
         with:
           anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
           prompt: |
+            YOUR FIRST ACTION - run this exact command before anything else:
+            gh api repos/getsentry/sentry-javascript/dependabot/alerts/${{ steps.alert.outputs.number }}
+
+            Then use the output to follow the skill instructions below.
+
             /fix-security-vulnerability ${{ github.event.inputs.alert }}
 
             IMPORTANT: Do NOT dismiss any alerts. Do NOT wait for approval.
-
-            IMPORTANT: To fetch the alert, use EXACTLY this command format (replacing <number> with the alert number):
-              gh api repos/getsentry/sentry-javascript/dependabot/alerts/<number>
-            Do NOT use --paginate, query parameters, GraphQL, curl, or any other approach.
             Your allowed tools are narrowly scoped - only the exact command patterns listed will be permitted.
 
             If you can fix the vulnerability: