security: fix code injection and untrusted checkout vulnerabilities

- bot-ai-review.yml: Add fork check to prevent untrusted code execution
- gen-create-spec.yml: Remove eval, use direct command execution
- bot-auto-tag.yml: Replace sed with Python for safe string handling
- gen-preview.yml: Use unquoted heredoc instead of sed for variable expansion

Fixes CodeQL alerts for code injection and untrusted checkout patterns.

Author: MarkusNeusinger

.github/workflows/bot-ai-review.yml

@@ -19,7 +19,17 @@ jobs:
     steps:
       - name: Check conditions
         id: check
+        env:
+          HEAD_REPO: ${{ github.event.workflow_run.head_repository.full_name }}
+          BASE_REPO: ${{ github.repository }}
         run: |
+          # Security: Skip if workflow run is from a fork (untrusted code)
+          if [[ "$HEAD_REPO" != "$BASE_REPO" ]]; then
+            echo "::notice::Skipping: Workflow run is from fork '$HEAD_REPO', not '$BASE_REPO'"
+            echo "should_run=false" >> $GITHUB_OUTPUT
+            exit 0
+          fi
+
           CONCLUSION="${{ github.event.workflow_run.conclusion }}"
 
           if [[ "$CONCLUSION" != "success" ]]; then

.github/workflows/bot-auto-tag.yml

@@ -131,26 +131,31 @@ jobs:
             PLOT_CONTENT=""
           fi
 
-          # Create prompt for Claude
-          cat > /tmp/tag_prompt.txt << 'PROMPTEOF'
-          Analyze this plot specification and implementation to generate a hierarchical tag structure.
+          # Create prompt for Claude (Security: avoid sed with user content)
+          # Export variables so Python can access them, then use Python for safe string handling
+          export SPEC_CONTENT PLOT_CONTENT
+          python3 << 'PYEOF'
+          import os
+          spec = os.environ.get('SPEC_CONTENT', '')
+          plot = os.environ.get('PLOT_CONTENT', '')
+          prompt = f"""Analyze this plot specification and implementation to generate a hierarchical tag structure.
 
           ## Specification:
-          ${SPEC_CONTENT}
+          {spec}
 
           ## Implementation (example):
-          ${PLOT_CONTENT}
+          {plot}
 
           ## Task:
           Generate a 5-level tag hierarchy for this plot. Format as JSON:
-          {
+          {{
             "level1_category": "visualization_type",
             "level2_type": "specific_chart_type",
             "level3_style": "style_variant",
             "level4_features": ["feature1", "feature2"],
             "level5_use_cases": ["use_case1", "use_case2"],
             "search_tags": ["tag1", "tag2", "tag3"]
-          }
+          }}
 
           Categories:
           - Level 1: Main category (scatter, bar, line, heatmap, distribution, comparison, etc.)
@@ -159,12 +164,10 @@ jobs:
           - Level 4: Features used (gridlines, annotations, legends, colors, etc.)
           - Level 5: Use cases (exploratory, presentation, publication, dashboard, etc.)
 
-          Return ONLY valid JSON, no markdown formatting.
-          PROMPTEOF
-
-          # Replace placeholders
-          sed -i "s|\${SPEC_CONTENT}|${SPEC_CONTENT}|g" /tmp/tag_prompt.txt
-          sed -i "s|\${PLOT_CONTENT}|${PLOT_CONTENT}|g" /tmp/tag_prompt.txt
+          Return ONLY valid JSON, no markdown formatting."""
+          with open('/tmp/tag_prompt.txt', 'w') as f:
+              f.write(prompt)
+          PYEOF
 
           # Call Claude API (with timeout)
           RESPONSE=$(curl -s --max-time 60 --connect-timeout 10 https://api.anthropic.com/v1/messages \

.github/workflows/gen-create-spec.yml

@@ -341,17 +341,20 @@ jobs:
           ISSUE_NUMBER: ${{ github.event.issue.number }}
           TARGET_LIBRARY: ${{ needs.create-spec.outputs.target_library }}
         run: |
-          # Build command with optional target_library
-          CMD="gh workflow run gen-new-plot.yml --repo ${{ github.repository }}"
-          CMD="$CMD -f spec_id=\"$SPEC_ID\""
-          CMD="$CMD -f feature_branch=\"$FEATURE_BRANCH\""
-          CMD="$CMD -f issue_number=\"$ISSUE_NUMBER\""
-
+          # Security: Direct execution instead of eval to prevent command injection
           if [[ -n "$TARGET_LIBRARY" ]]; then
-            CMD="$CMD -f target_library=\"$TARGET_LIBRARY\""
             echo "::notice::Triggering gen-new-plot.yml for $SPEC_ID (library: $TARGET_LIBRARY)"
+            gh workflow run gen-new-plot.yml \
+              --repo "${{ github.repository }}" \
+              -f spec_id="$SPEC_ID" \
+              -f feature_branch="$FEATURE_BRANCH" \
+              -f issue_number="$ISSUE_NUMBER" \
+              -f target_library="$TARGET_LIBRARY"
           else
             echo "::notice::Triggering gen-new-plot.yml for $SPEC_ID (all libraries)"
+            gh workflow run gen-new-plot.yml \
+              --repo "${{ github.repository }}" \
+              -f spec_id="$SPEC_ID" \
+              -f feature_branch="$FEATURE_BRANCH" \
+              -f issue_number="$ISSUE_NUMBER"
           fi
-
-          eval $CMD

.github/workflows/gen-preview.yml

@@ -312,25 +312,24 @@ jobs:
                 PREV_URL=$(echo "$PREV_VERSIONS" | jq -r --arg key "$KEY" '.[$key].url // empty')
                 PREV_COUNT=$(echo "$PREV_VERSIONS" | jq -r --arg key "$KEY" '.[$key].count // 0')
 
+                # Security: Use unquoted heredoc for direct variable expansion (safer than sed)
                 if [ -n "$PREV_URL" ] && [ "$PREV_URL" != "null" ]; then
                   NEW_COUNT=$((PREV_COUNT + 1))
-                  cat >> plot_markdown.txt << 'PLOTEOF'
-          ### ${LIBRARY} (${VARIANT}) - UPDATE
+                  cat >> plot_markdown.txt << PLOTEOF
+### ${LIBRARY} (${VARIANT}) - UPDATE
 
-          | Before | After |
-          |--------|-------|
-          | ![Before](${PREV_URL}) | ![After](${NEW_URL}) |
+| Before | After |
+|--------|-------|
+| ![Before](${PREV_URL}) | ![After](${NEW_URL}) |
 
-          [View version history (${NEW_COUNT} versions)](${HISTORY_URL})
-          PLOTEOF
-                  sed -i "s|\${LIBRARY}|${LIBRARY}|g; s|\${VARIANT}|${VARIANT}|g; s|\${PREV_URL}|${PREV_URL}|g; s|\${NEW_URL}|${NEW_URL}|g; s|\${NEW_COUNT}|${NEW_COUNT}|g; s|\${HISTORY_URL}|${HISTORY_URL}|g" plot_markdown.txt
+[View version history (${NEW_COUNT} versions)](${HISTORY_URL})
+PLOTEOF
                 else
-                  cat >> plot_markdown.txt << 'PLOTEOF'
-          ### ${LIBRARY} (${VARIANT}) - NEW
+                  cat >> plot_markdown.txt << PLOTEOF
+### ${LIBRARY} (${VARIANT}) - NEW
 
-          ![${LIBRARY} ${VARIANT}](${NEW_URL})
-          PLOTEOF
-                  sed -i "s|\${LIBRARY}|${LIBRARY}|g; s|\${VARIANT}|${VARIANT}|g; s|\${NEW_URL}|${NEW_URL}|g" plot_markdown.txt
+![${LIBRARY} ${VARIANT}](${NEW_URL})
+PLOTEOF
                 fi
                 echo "" >> plot_markdown.txt
               fi