fix: prevent template injection by using env var

david-fraley · david-fraley · commit 2f4d988d0db8 · 2025-12-11T21:19:01.000Z
Addresses zizmor template-injection warning by passing the execution
file path through an environment variable instead of directly
interpolating it in the shell script.
diff --git a/.github/workflows/classify-issue-severity.yml b/.github/workflows/classify-issue-severity.yml
@@ -142,9 +142,9 @@ jobs:
 
       - name: Extract Result from Execution File
         id: extract
+        env:
+          EXECUTION_FILE: ${{ steps.analysis.outputs.execution_file }}
         run: |
-          EXECUTION_FILE="${{ steps.analysis.outputs.execution_file }}"
-
           if [ ! -f "$EXECUTION_FILE" ]; then
             echo "Execution file not found: $EXECUTION_FILE"
             exit 1
