Hello maintainers,
I would like to report a potential vulnerability in your GitHub CI workflows.
Affected files:
- IMhide/claude-workflow/.github/workflows/create-implementation-plan.yml
Vulnerability:
- In job 'create-implementation-plan', step 'Parse YAML frontmatter', the attacker-controlled source 'github.event.issue.body' is spliced into the run shell variable assignment 'ISSUE_BODY', leading to direct command execution.
Thank you for your time and for maintaining this project.
Hello maintainers,
I would like to report a potential vulnerability in your GitHub CI workflows.
Affected files:
Vulnerability:
Thank you for your time and for maintaining this project.