diff --git a/.changeset/patch-max-bot-mentions.md b/.changeset/patch-max-bot-mentions.md
new file mode 100644
index 0000000000..ab7b8058e2
--- /dev/null
+++ b/.changeset/patch-max-bot-mentions.md
@@ -0,0 +1,5 @@
+---
+"gh-aw": patch
+---
+
+Add optional `safe-outputs.max-bot-mentions` field to configure the maximum number of bot trigger references (e.g. `fixes #123`) allowed before they are neutralized. Default is 10. Supports integer or GitHub Actions expression (e.g. `${{ inputs.max-bot-mentions }}`).
diff --git a/actions/setup/js/collect_ndjson_output.cjs b/actions/setup/js/collect_ndjson_output.cjs
index e326145c6f..cd30fbf53a 100644
--- a/actions/setup/js/collect_ndjson_output.cjs
+++ b/actions/setup/js/collect_ndjson_output.cjs
@@ -6,6 +6,7 @@ const { repairJson, sanitizePrototypePollution } = require("./json_repair_helper
 const { AGENT_OUTPUT_FILENAME, TMP_GH_AW_PATH } = require("./constants.cjs");
 const { ERR_API, ERR_PARSE } = require("./error_codes.cjs");
 const { isPayloadUserBot } = require("./resolve_mentions.cjs");
+const { parseIntTemplatable } = require("./templatable.cjs");
 
 async function main() {
   try {
@@ -36,6 +37,10 @@ async function main() {
     // This determines which @mentions are allowed in the agent output
     const allowedMentions = await resolveAllowedMentionsFromPayload(context, github, core, mentionsConfig);
 
+    // maxBotMentions is populated after safeOutputsConfig is read below
+    /** @type {number | undefined} */
+    let maxBotMentions;
+
     function validateFieldWithInputSchema(value, fieldName, inputSchema, lineNum) {
       if (inputSchema.required && (value === undefined || value === null)) {
         return {
@@ -59,7 +64,7 @@ async function main() {
               error: `Line ${lineNum}: ${fieldName} must be a string`,
             };
           }
-          normalizedValue = sanitizeContent(value, { allowedAliases: allowedMentions });
+          normalizedValue = sanitizeContent(value, { allowedAliases: allowedMentions, maxBotMentions });
           break;
         case "boolean":
           if (typeof value !== "boolean") {
@@ -90,11 +95,11 @@ async function main() {
               error: `Line ${lineNum}: ${fieldName} must be one of: ${inputSchema.options.join(", ")}`,
             };
           }
-          normalizedValue = sanitizeContent(value, { allowedAliases: allowedMentions });
+          normalizedValue = sanitizeContent(value, { allowedAliases: allowedMentions, maxBotMentions });
           break;
         default:
           if (typeof value === "string") {
-            normalizedValue = sanitizeContent(value, { allowedAliases: allowedMentions });
+            normalizedValue = sanitizeContent(value, { allowedAliases: allowedMentions, maxBotMentions });
           }
           break;
       }
@@ -195,6 +200,13 @@ async function main() {
         expectedOutputTypes = Object.fromEntries(Object.entries(safeOutputsConfig).map(([key, value]) => [key.replace(/-/g, "_"), value]));
         core.info(`[INGESTION] Expected output types after normalization: ${JSON.stringify(Object.keys(expectedOutputTypes))}`);
         core.info(`[INGESTION] Expected output types full config: ${JSON.stringify(expectedOutputTypes)}`);
+        // Extract max-bot-mentions from config (defaults to undefined, using neutralizeBotTriggers default)
+        const rawMaxBotMentions = parseIntTemplatable(expectedOutputTypes.max_bot_mentions, 0);
+        if (rawMaxBotMentions > 0) {
+          maxBotMentions = rawMaxBotMentions;
+        }
+        // Remove global config keys so they are not treated as valid output types
+        delete expectedOutputTypes.max_bot_mentions;
       } catch (error) {
         const errorMsg = getErrorMessage(error);
         core.info(`Warning: Could not parse safe-outputs config: ${errorMsg}`);
@@ -282,7 +294,7 @@ async function main() {
 
         // Use the validation engine to validate the item
         if (hasValidationConfig(itemType)) {
-          const validationResult = validateItem(item, itemType, i + 1, { allowedAliases: allowedMentions });
+          const validationResult = validateItem(item, itemType, i + 1, { allowedAliases: allowedMentions, maxBotMentions });
           if (!validationResult.isValid) {
             if (validationResult.error) {
               errors.push(validationResult.error);
diff --git a/actions/setup/js/collect_ndjson_output.test.cjs b/actions/setup/js/collect_ndjson_output.test.cjs
index ba2f678f09..07379f2a80 100644
--- a/actions/setup/js/collect_ndjson_output.test.cjs
+++ b/actions/setup/js/collect_ndjson_output.test.cjs
@@ -1228,7 +1228,7 @@ describe("collect_ndjson_output.cjs", () => {
           (fs.mkdirSync("/opt/gh-aw/safeoutputs", { recursive: !0 }), fs.writeFileSync(configPath, __config), await eval(`(async () => { ${collectScript}; await main(); })()`));
           const outputCall = mockCore.setOutput.mock.calls.find(call => "output" === call[0]),
             parsedOutput = JSON.parse(outputCall[1]);
-          expect(parsedOutput.items[0].body).toBe("This `fixes #123` and `closes #456`, also `resolves #789`");
+          expect(parsedOutput.items[0].body).toBe("This fixes #123 and closes #456, also resolves #789");
         }),
         it("should remove ANSI escape sequences", async () => {
           const testFile = "/tmp/gh-aw/test-ndjson-output.txt",
@@ -1488,7 +1488,7 @@ describe("collect_ndjson_output.cjs", () => {
             outputCall = setOutputCalls.find(call => "output" === call[0]);
           expect(outputCall).toBeDefined();
           const parsedOutput = JSON.parse(outputCall[1]);
-          (expect(parsedOutput.items).toHaveLength(1), expect(parsedOutput.items[0].message).toContain("`@mention`"), expect(parsedOutput.items[0].message).toContain("`fixes #123`"));
+          (expect(parsedOutput.items).toHaveLength(1), expect(parsedOutput.items[0].message).toContain("`@mention`"), expect(parsedOutput.items[0].message).toContain("fixes #123"));
         }),
         it("should handle multiple noop messages", async () => {
           const testFile = "/tmp/gh-aw/test-ndjson-output.txt",
diff --git a/actions/setup/js/compute_text.test.cjs b/actions/setup/js/compute_text.test.cjs
index 4ec6a49be9..d60fd03e75 100644
--- a/actions/setup/js/compute_text.test.cjs
+++ b/actions/setup/js/compute_text.test.cjs
@@ -50,9 +50,9 @@ const mockCore = {
             const result = sanitizeIncomingTextFunction("Hello @user and @org/team");
             (expect(result).toContain("`@user`"), expect(result).toContain("`@org/team`"));
           }),
-          it("should neutralize bot trigger phrases", () => {
-            const result = sanitizeIncomingTextFunction("This fixes #123 and closes #456");
-            (expect(result).toContain("`fixes #123`"), expect(result).toContain("`closes #456`"));
+          it("should neutralize bot trigger phrases when count exceeds threshold", () => {
+            const result = sanitizeIncomingTextFunction("fixes #1 closes #2 resolves #3 fixes #4 closes #5 resolves #6 fixes #7 closes #8 resolves #9 fixes #10 closes #11");
+            (expect(result).not.toContain("`fixes #1`"), expect(result).toContain("`closes #11`"));
           }),
           it("should remove control characters", () => {
             const result = sanitizeIncomingTextFunction("Hello\0\bworld");
@@ -203,7 +203,7 @@ const mockCore = {
           it("should sanitize extracted text before output", async () => {
             ((mockContext.eventName = "issues"), (mockContext.payload = { issue: { title: "Test @user fixes #123", body: "Visit https://evil.com" } }), await testMain());
             const outputCall = mockCore.setOutput.mock.calls[0];
-            (expect(outputCall[1]).toContain("`@user`"), expect(outputCall[1]).toContain("`fixes #123`"), expect(outputCall[1]).toContain("/redacted"));
+            (expect(outputCall[1]).toContain("`@user`"), expect(outputCall[1]).toContain("fixes #123"), expect(outputCall[1]).toContain("/redacted"));
           }),
           it("should handle missing title and body gracefully", async () => {
             ((mockContext.eventName = "issues"),
diff --git a/actions/setup/js/safe_output_type_validator.cjs b/actions/setup/js/safe_output_type_validator.cjs
index 59e267baa8..34d2517a42 100644
--- a/actions/setup/js/safe_output_type_validator.cjs
+++ b/actions/setup/js/safe_output_type_validator.cjs
@@ -25,6 +25,10 @@ const MAX_BODY_LENGTH = 65000;
  */
 const MAX_GITHUB_USERNAME_LENGTH = 39;
 
+/**
+ * @typedef {{ allowedAliases?: string[], maxBotMentions?: number }} ValidateOptions
+ */
+
 /**
  * @typedef {Object} FieldValidation
  * @property {boolean} [required] - Whether the field is required
@@ -241,8 +245,7 @@ function validateIssueNumberOrTemporaryId(value, fieldName, lineNum) {
  * @param {FieldValidation} validation - The validation configuration
  * @param {string} itemType - The item type for error messages
  * @param {number} lineNum - Line number for error messages
- * @param {Object} [options] - Optional sanitization options
- * @param {string[]} [options.allowedAliases] - List of allowed @mentions
+ * @param {ValidateOptions} [options] - Optional sanitization options
  * @returns {{isValid: boolean, normalizedValue?: any, error?: string}}
  */
 function validateField(value, fieldName, validation, itemType, lineNum, options) {
@@ -338,6 +341,7 @@ function validateField(value, fieldName, validation, itemType, lineNum, options)
         normalizedResult = sanitizeContent(normalizedResult, {
           maxLength: validation.maxLength,
           allowedAliases: options?.allowedAliases || [],
+          maxBotMentions: options?.maxBotMentions,
         });
       }
       return { isValid: true, normalizedValue: normalizedResult };
@@ -350,6 +354,7 @@ function validateField(value, fieldName, validation, itemType, lineNum, options)
       const sanitized = sanitizeContent(processedValue, {
         maxLength: validation.maxLength || MAX_BODY_LENGTH,
         allowedAliases: options?.allowedAliases || [],
+        maxBotMentions: options?.maxBotMentions,
       });
       return { isValid: true, normalizedValue: sanitized };
     }
@@ -389,6 +394,7 @@ function validateField(value, fieldName, validation, itemType, lineNum, options)
             ? sanitizeContent(item, {
                 maxLength: validation.itemMaxLength || 128,
                 allowedAliases: options?.allowedAliases || [],
+                maxBotMentions: options?.maxBotMentions,
               })
             : item
         );
@@ -480,8 +486,7 @@ function executeCustomValidation(item, customValidation, lineNum, itemType) {
  * @param {Object} item - The item to validate
  * @param {string} itemType - The item type (e.g., "create_issue")
  * @param {number} lineNum - Line number for error messages
- * @param {Object} [options] - Optional sanitization options
- * @param {string[]} [options.allowedAliases] - List of allowed @mentions
+ * @param {ValidateOptions} [options] - Optional sanitization options
  * @returns {{isValid: boolean, normalizedItem?: Object, error?: string}}
  */
 function validateItem(item, itemType, lineNum, options) {
diff --git a/actions/setup/js/sanitize_content.cjs b/actions/setup/js/sanitize_content.cjs
index 8d1672b1c2..dd585ff482 100644
--- a/actions/setup/js/sanitize_content.cjs
+++ b/actions/setup/js/sanitize_content.cjs
@@ -30,6 +30,7 @@ const { balanceCodeRegions } = require("./markdown_code_region_balancer.cjs");
  * @typedef {Object} SanitizeOptions
  * @property {number} [maxLength] - Maximum length of content (default: 524288)
  * @property {string[]} [allowedAliases] - List of aliases (@mentions) that should not be neutralized
+ * @property {number} [maxBotMentions] - Maximum bot trigger references before filtering (default: 10)
  */
 
 /**
@@ -44,6 +45,8 @@ function sanitizeContent(content, maxLengthOrOptions) {
   let maxLength;
   /** @type {string[]} */
   let allowedAliasesLowercase = [];
+  /** @type {number | undefined} */
+  let maxBotMentions;
 
   if (typeof maxLengthOrOptions === "number") {
     maxLength = maxLengthOrOptions;
@@ -51,11 +54,12 @@ function sanitizeContent(content, maxLengthOrOptions) {
     maxLength = maxLengthOrOptions.maxLength;
     // Pre-process allowed aliases to lowercase for efficient comparison
     allowedAliasesLowercase = (maxLengthOrOptions.allowedAliases || []).map(alias => alias.toLowerCase());
+    maxBotMentions = maxLengthOrOptions.maxBotMentions;
   }
 
   // If no allowed aliases specified, use core sanitization (which neutralizes all mentions)
   if (allowedAliasesLowercase.length === 0) {
-    return sanitizeContentCore(content, maxLength);
+    return sanitizeContentCore(content, maxLength, maxBotMentions);
   }
 
   // If allowed aliases are specified, we need custom mention filtering
@@ -103,7 +107,7 @@ function sanitizeContent(content, maxLengthOrOptions) {
   sanitized = neutralizeGitHubReferences(sanitized, allowedGitHubRefs);
 
   // Neutralize bot triggers
-  sanitized = neutralizeBotTriggers(sanitized);
+  sanitized = neutralizeBotTriggers(sanitized, maxBotMentions);
 
   // Balance markdown code regions to fix improperly nested fences
   // This repairs markdown where AI models generate nested code blocks at the same indentation
diff --git a/actions/setup/js/sanitize_content.test.cjs b/actions/setup/js/sanitize_content.test.cjs
index 668663c1c1..8c38358862 100644
--- a/actions/setup/js/sanitize_content.test.cjs
+++ b/actions/setup/js/sanitize_content.test.cjs
@@ -746,32 +746,61 @@ describe("sanitize_content.cjs", () => {
   });
 
   describe("bot trigger neutralization", () => {
-    it("should neutralize 'fixes #123' patterns", () => {
+    it("should not neutralize 'fixes #123' when there are 10 or fewer references", () => {
       const result = sanitizeContent("This fixes #123");
-      expect(result).toBe("This `fixes #123`");
+      expect(result).toBe("This fixes #123");
     });
 
-    it("should neutralize 'closes #456' patterns", () => {
+    it("should not neutralize 'closes #456' when there are 10 or fewer references", () => {
       const result = sanitizeContent("PR closes #456");
-      expect(result).toBe("PR `closes #456`");
+      expect(result).toBe("PR closes #456");
     });
 
-    it("should neutralize 'resolves #789' patterns", () => {
+    it("should not neutralize 'resolves #789' when there are 10 or fewer references", () => {
       const result = sanitizeContent("This resolves #789");
-      expect(result).toBe("This `resolves #789`");
+      expect(result).toBe("This resolves #789");
     });
 
-    it("should handle various bot trigger verbs", () => {
+    it("should not neutralize various bot trigger verbs when count is within limit", () => {
       const triggers = ["fix", "fixes", "close", "closes", "resolve", "resolves"];
       triggers.forEach(verb => {
         const result = sanitizeContent(`This ${verb} #123`);
-        expect(result).toBe(`This \`${verb} #123\``);
+        expect(result).toBe(`This ${verb} #123`);
       });
     });
 
-    it("should neutralize alphanumeric issue references", () => {
+    it("should not neutralize alphanumeric issue references when count is within limit", () => {
       const result = sanitizeContent("fixes #abc123def");
-      expect(result).toBe("`fixes #abc123def`");
+      expect(result).toBe("fixes #abc123def");
+    });
+
+    it("should neutralize excess references beyond the 10-occurrence threshold", () => {
+      const input = Array.from({ length: 11 }, (_, i) => `fixes #${i + 1}`).join(" ");
+      const result = sanitizeContent(input);
+      // First 10 are left unchanged
+      for (let i = 1; i <= 10; i++) {
+        expect(result).not.toContain(`\`fixes #${i}\``);
+      }
+      // 11th is wrapped
+      expect(result).toContain("`fixes #11`");
+    });
+
+    it("should not requote already-quoted entries", () => {
+      // Build a string with 12 entries where one is already quoted and 11 are unquoted
+      // (11 unquoted entries exceed the MAX_BOT_TRIGGER_REFERENCES threshold of 10)
+      const alreadyQuoted = "`fixes #1`";
+      const unquoted = Array.from({ length: 11 }, (_, i) => `fixes #${i + 2}`).join(" ");
+      const input = `${alreadyQuoted} ${unquoted}`;
+      const result = sanitizeContent(input);
+      // The already-quoted entry must not be double-quoted
+      expect(result).not.toContain("``fixes #1``");
+      expect(result).toContain("`fixes #1`");
+      // The first 10 unquoted entries are left unchanged (only the 11th is wrapped)
+      for (let i = 2; i <= 11; i++) {
+        expect(result).not.toContain(`\`fixes #${i}\``);
+      }
+      // The 12th entry (11th unquoted) is wrapped
+      expect(result).toContain("`fixes #12`");
     });
   });
 
@@ -1063,7 +1092,7 @@ describe("sanitize_content.cjs", () => {
       expect(result).toContain("https://github.com");
       expect(result).not.toContain("<script>");
       expect(result).toContain("(script)");
-      expect(result).toContain("`fixes #123`");
+      expect(result).toContain("fixes #123");
       expect(result).not.toContain("\x1b[31m");
       expect(result).toContain("Red text");
     });
diff --git a/actions/setup/js/sanitize_content_core.cjs b/actions/setup/js/sanitize_content_core.cjs
index 36254893b8..ea83b2b807 100644
--- a/actions/setup/js/sanitize_content_core.cjs
+++ b/actions/setup/js/sanitize_content_core.cjs
@@ -406,13 +406,35 @@ function convertXmlTags(s) {
 }
 
 /**
- * Neutralizes bot trigger phrases by wrapping them in backticks
+ * Maximum number of bot trigger references allowed before filtering is applied.
+ */
+const MAX_BOT_TRIGGER_REFERENCES = 10;
+
+/**
+ * Neutralizes bot trigger phrases by wrapping them in backticks.
+ * The first `maxBotMentions` unquoted trigger references are left unchanged;
+ * any occurrences beyond that threshold are wrapped in backticks.
+ * Already-quoted entries are never re-quoted.
  * @param {string} s - The string to process
- * @returns {string} The string with neutralized bot triggers
+ * @param {number} [maxBotMentions] - Number of occurrences to allow before escaping (default: MAX_BOT_TRIGGER_REFERENCES)
+ * @returns {string} The string with excess bot triggers neutralized
  */
-function neutralizeBotTriggers(s) {
-  // Neutralize common bot trigger phrases like "fixes #123", "closes #asdfs", etc.
-  return s.replace(/\b(fixes?|closes?|resolves?|fix|close|resolve)\s+#(\w+)/gi, (match, action, ref) => `\`${action} #${ref}\``);
+function neutralizeBotTriggers(s, maxBotMentions = MAX_BOT_TRIGGER_REFERENCES) {
+  // Match unquoted bot trigger phrases like "fixes #123", "closes #asdfs", etc.
+  // The negative lookbehind (?<!`) skips already-quoted entries.
+  const pattern = /(?<!`)\b(fixes?|closes?|resolves?|fix|close|resolve)\s+#(\w+)/gi;
+  const matches = s.match(pattern);
+  if (!matches || matches.length <= maxBotMentions) {
+    return s;
+  }
+  let count = 0;
+  return s.replace(pattern, (match, action, ref) => {
+    count++;
+    if (count <= maxBotMentions) {
+      return match;
+    }
+    return `\`${action} #${ref}\``;
+  });
 }
 
 /**
@@ -717,9 +739,10 @@ function hardenUnicodeText(text) {
  * Core sanitization function without mention filtering
  * @param {string} content - The content to sanitize
  * @param {number} [maxLength] - Maximum length of content (default: 524288)
+ * @param {number} [maxBotMentions] - Max bot trigger references before filtering (default: MAX_BOT_TRIGGER_REFERENCES)
  * @returns {string} The sanitized content
  */
-function sanitizeContentCore(content, maxLength) {
+function sanitizeContentCore(content, maxLength, maxBotMentions) {
   if (!content || typeof content !== "string") {
     return "";
   }
@@ -768,7 +791,7 @@ function sanitizeContentCore(content, maxLength) {
   sanitized = neutralizeGitHubReferences(sanitized, allowedGitHubRefs);
 
   // Neutralize common bot trigger phrases
-  sanitized = neutralizeBotTriggers(sanitized);
+  sanitized = neutralizeBotTriggers(sanitized, maxBotMentions);
 
   // Neutralize template syntax delimiters (defense-in-depth)
   // This prevents potential issues if content is processed by downstream template engines
@@ -801,6 +824,7 @@ module.exports = {
   removeXmlComments,
   convertXmlTags,
   neutralizeBotTriggers,
+  MAX_BOT_TRIGGER_REFERENCES,
   neutralizeTemplateDelimiters,
   applyTruncation,
   hardenUnicodeText,
diff --git a/actions/setup/js/sanitize_output.test.cjs b/actions/setup/js/sanitize_output.test.cjs
index 8f80f437fb..fde07521f7 100644
--- a/actions/setup/js/sanitize_output.test.cjs
+++ b/actions/setup/js/sanitize_output.test.cjs
@@ -50,9 +50,9 @@ const mockCore = {
             const result = sanitizeContentFunction("Check `@user` in code and @realuser outside");
             (expect(result).toContain("`@user`"), expect(result).toContain("`@realuser`"));
           }),
-          it("should neutralize bot trigger phrases", () => {
-            const result = sanitizeContentFunction("This fixes #123 and closes #456. Also resolves #789");
-            (expect(result).toContain("`fixes #123`"), expect(result).toContain("`closes #456`"), expect(result).toContain("`resolves #789`"));
+          it("should neutralize bot trigger phrases when count exceeds threshold", () => {
+            const result = sanitizeContentFunction("fixes #1 closes #2 resolves #3 fixes #4 closes #5 resolves #6 fixes #7 closes #8 resolves #9 fixes #10 closes #11");
+            (expect(result).not.toContain("`fixes #1`"), expect(result).not.toContain("`resolves #3`"), expect(result).toContain("`closes #11`"));
           }),
           it("should remove control characters except newlines and tabs", () => {
             const result = sanitizeContentFunction("Hello\0world\f\nNext line\tbad");
@@ -169,7 +169,7 @@ const mockCore = {
                 "\n# Issue Report by @user\n\nThis fixes #123 and has links:\n- HTTP: http://bad.com (should be blocked)\n- HTTPS: https://github.com/repo (should be preserved)\n- JavaScript: javascript:alert('xss') (should be blocked)\n\n<script>alert(\"xss\")<\/script>\n\nSpecial chars: \0 & \"quotes\" 'apostrophes'\n      ".trim(),
               result = sanitizeContentFunction(input);
             (expect(result).toContain("`@user`"),
-              expect(result).toContain("`fixes #123`"),
+              expect(result).toContain("fixes #123"),
               expect(result).toContain("(redacted)"),
               expect(result).toContain("https://github.com/repo"),
               expect(result).not.toContain("http://bad.com"),
@@ -207,9 +207,9 @@ const mockCore = {
             const result = sanitizeContentFunction("Code: `@user.method()` and normal @user mention");
             (expect(result).toContain("`@user.method()`"), expect(result).toContain("`@user`"));
           }),
-          it("should handle various bot trigger phrase formats", () => {
-            const result = sanitizeContentFunction("Fix #123, close #abc, FIXES #XYZ, resolves #456, fixes    #789");
-            (expect(result).toContain("`Fix #123`"), expect(result).toContain("`close #abc`"), expect(result).toContain("`FIXES #XYZ`"), expect(result).toContain("`resolves #456`"), expect(result).toContain("`fixes #789`"));
+          it("should handle various bot trigger phrase formats when count exceeds threshold", () => {
+            const result = sanitizeContentFunction("Fix #1, close #2, FIXES #3, resolves #4, fixes #5, close #6, fixes #7, closes #8, resolves #9, fix #10, close #11");
+            (expect(result).not.toContain("`Fix #1`"), expect(result).not.toContain("`close #2`"), expect(result).not.toContain("`resolves #4`"), expect(result).toContain("`close #11`"));
           }),
           it("should handle edge cases in protocol filtering", () => {
             const result = sanitizeContentFunction(
@@ -355,7 +355,7 @@ const mockCore = {
             expect(outputCall).toBeDefined();
             const sanitizedOutput = outputCall[1];
             (expect(sanitizedOutput).toContain("`@user`"),
-              expect(sanitizedOutput).toContain("`fixes #123`"),
+              expect(sanitizedOutput).toContain("fixes #123"),
               expect(sanitizedOutput).toContain("/redacted"),
               expect(sanitizedOutput).toContain("https://github.com/repo"),
               fs.unlinkSync(testFile));
diff --git a/pkg/parser/schemas/main_workflow_schema.json b/pkg/parser/schemas/main_workflow_schema.json
index 6e05ab5c6a..cecb12b4ce 100644
--- a/pkg/parser/schemas/main_workflow_schema.json
+++ b/pkg/parser/schemas/main_workflow_schema.json
@@ -6829,6 +6829,21 @@
           "default": false,
           "examples": [false, true]
         },
+        "max-bot-mentions": {
+          "description": "Maximum number of bot trigger references (e.g. 'fixes #123', 'closes #456') allowed in output before all of them are neutralized. Default: 10. Supports integer or GitHub Actions expression (e.g. '${{ inputs.max-bot-mentions }}').",
+          "oneOf": [
+            {
+              "type": "integer",
+              "minimum": 1,
+              "default": 10
+            },
+            {
+              "type": "string",
+              "pattern": "^\\$\\{\\{.*\\}\\}$",
+              "description": "GitHub Actions expression that resolves to an integer at runtime"
+            }
+          ]
+        },
         "runs-on": {
           "type": "string",
           "description": "Runner specification for all safe-outputs jobs (activation, create-issue, add-comment, etc.). Single runner label (e.g., 'ubuntu-slim', 'ubuntu-latest', 'windows-latest', 'self-hosted'). Defaults to 'ubuntu-slim'. See https://github.blog/changelog/2025-10-28-1-vcpu-linux-runner-now-available-in-github-actions-in-public-preview/"
diff --git a/pkg/workflow/compiler_types.go b/pkg/workflow/compiler_types.go
index 71d3025327..91b2651340 100644
--- a/pkg/workflow/compiler_types.go
+++ b/pkg/workflow/compiler_types.go
@@ -524,6 +524,7 @@ type SafeOutputsConfig struct {
 	Mentions                        *MentionsConfig                        `yaml:"mentions,omitempty"`                  // Configuration for @mention filtering in safe outputs
 	Footer                          *bool                                  `yaml:"footer,omitempty"`                    // Global footer control - when false, omits visible footer from all safe outputs (XML markers still included)
 	GroupReports                    bool                                   `yaml:"group-reports,omitempty"`             // If true, create parent "Failed runs" issue for agent failures (default: false)
+	MaxBotMentions                  *string                                `yaml:"max-bot-mentions,omitempty"`          // Maximum bot trigger references (e.g. 'fixes #123') allowed before filtering. Default: 10. Supports integer or GitHub Actions expression.
 	AutoInjectedCreateIssue         bool                                   `yaml:"-"`                                   // Internal: true when create-issues was automatically injected by the compiler (not user-configured)
 }
 
diff --git a/pkg/workflow/safe_outputs_config.go b/pkg/workflow/safe_outputs_config.go
index 798e978c99..3ed608382f 100644
--- a/pkg/workflow/safe_outputs_config.go
+++ b/pkg/workflow/safe_outputs_config.go
@@ -437,6 +437,15 @@ func (c *Compiler) extractSafeOutputsConfig(frontmatter map[string]any) *SafeOut
 				}
 			}
 
+			// Handle max-bot-mentions (templatable integer)
+			if err := preprocessIntFieldAsString(outputMap, "max-bot-mentions", safeOutputsConfigLog); err != nil {
+				safeOutputsConfigLog.Printf("max-bot-mentions: %v", err)
+			} else if maxBotMentions, exists := outputMap["max-bot-mentions"]; exists {
+				if maxBotMentionsStr, ok := maxBotMentions.(string); ok {
+					config.MaxBotMentions = &maxBotMentionsStr
+				}
+			}
+
 			// Handle jobs (safe-jobs must be under safe-outputs)
 			if jobs, exists := outputMap["jobs"]; exists {
 				if jobsMap, ok := jobs.(map[string]any); ok {
diff --git a/pkg/workflow/safe_outputs_config_generation.go b/pkg/workflow/safe_outputs_config_generation.go
index 3b56285c15..ab19ba2824 100644
--- a/pkg/workflow/safe_outputs_config_generation.go
+++ b/pkg/workflow/safe_outputs_config_generation.go
@@ -1,6 +1,10 @@
 package workflow
 
-import "encoding/json"
+import (
+	"encoding/json"
+	"strconv"
+	"strings"
+)
 
 // ========================================
 // Safe Output Configuration Generation
@@ -478,6 +482,16 @@ func generateSafeOutputsConfig(data *WorkflowData) string {
 		}
 	}
 
+	// Add max-bot-mentions if set (templatable integer)
+	if data.SafeOutputs.MaxBotMentions != nil {
+		v := *data.SafeOutputs.MaxBotMentions
+		if n, err := strconv.Atoi(v); err == nil && n > 0 {
+			safeOutputsConfig["max_bot_mentions"] = n
+		} else if strings.HasPrefix(v, "${{") {
+			safeOutputsConfig["max_bot_mentions"] = v
+		}
+	}
+
 	configJSON, _ := json.Marshal(safeOutputsConfig)
 	safeOutputsConfigLog.Printf("Safe outputs config generation complete: %d tool types configured", len(safeOutputsConfig))
 	return string(configJSON)