Fix command injection vulnerability in GitHub Actions workflow - Changed line 35 from direct template interpolation to safe environment variable usage with proper double-quoting to prevent shell injection attacks.

comtel2000 · comtel2000 · commit b41a11d954d6 · 2026-03-30T20:50:42.000+02:00
diff --git a/.github/workflows/summary.yml b/.github/workflows/summary.yml
@@ -32,7 +32,7 @@ jobs:
 
       - name: Comment with AI summary
         run: |
-          gh issue comment $ISSUE_NUMBER --body '${{ steps.inference.outputs.response }}'
+          gh issue comment $ISSUE_NUMBER --body "$RESPONSE"
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           ISSUE_NUMBER: ${{ github.event.issue.number }}
