alt Hacker NewsYou also need to make sure you take care using PR titles and descriptions in your GHA because if they contain `text` it *may be executed lmfao.
edited: not "will", may depending on your GHA
Replies
vldszn • today at 12:43 AM
Maybe zizmor could catch this https://github.com/zizmorcore/zizmor but not sure 100%
➕ show 1 reply
Can you cite this? It's not YAML execution syntax, surely Github doesn't do it, the only vector I can see is if you put it unquoted into a shell script inside of a GHA yaml.