fix: add zizmor ignore for template-injection

david-fraley · david-fraley · commit ca7d80f771d9 · 2025-12-11T21:28:06.000Z
The execution_file output is from the claude-code-action (trusted source),
not user-controlled input, so this is a false positive. Adding explicit
ignore comment to suppress the warning.
diff --git a/.github/workflows/classify-issue-severity.yml b/.github/workflows/classify-issue-severity.yml
@@ -143,7 +143,7 @@ jobs:
       - name: Extract Result from Execution File
         id: extract
         env:
-          EXECUTION_FILE: ${{ steps.analysis.outputs.execution_file }}
+          EXECUTION_FILE: ${{ steps.analysis.outputs.execution_file }} # zizmor: ignore[template-injection]
         run: |
           if [ ! -f "$EXECUTION_FILE" ]; then
             echo "Execution file not found: $EXECUTION_FILE"
