Bug: safe-inputs with script: always returns {"stdout":"","stderr":""}

Summary

A safe-inputs entry using the script: runner always produces {"stdout":"","stderr":""} when called, regardless of what the script does. The return value is never surfaced to the agent.

Steps to Reproduce

Define a safe-input with script::

safe-inputs:
  github-graphql:
    inputs:
      query:
        type: string
        required: true
      variables:
        type: string
        required: false
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    script: |
      const graphql = require('@octokit/graphql').graphql.defaults({
        headers: { authorization: `token ${process.env.GITHUB_TOKEN}` }
      });
      const vars = inputs.variables ? JSON.parse(inputs.variables) : {};
      const result = await graphql(inputs.query, vars);
      return result;

Call it from a workflow. The agent receives:

{"stdout":"","stderr":""}

What I Tried

• Using return result (object)
• Using console.log(JSON.stringify(result)) — no output in stdout
• Simplified scripts (e.g. return { viewer: { login: "test" } }) — still empty
• The same logic works fine with py: using print(json.dumps(...)) — the Python runner correctly captures stdout

Expected Behavior

The script: runner should:

1. Capture the return value and serialize it as the tool output as documented

Actual Behavior

Every script: safe-input returns {"stdout":"","stderr":""} unconditionally. The agent sees no data and has to assume defaults / skip logic that depended on the result.

Impact

Workflows that rely on script: for GitHub GraphQL queries (or any JS-based safe-input) silently fail. The only workaround is to rewrite the logic in Python using py: or use run: with shell commands, which is significantly less ergonomic for GraphQL/JSON workloads.

Environment

• gh aw (github/gh-aw) — current version in use
• Runner: GitHub Actions (AWF sandbox)