[Security] Security issue in your GitHub CI workflow YAML files

[cicd-security]

Hello maintainers,

I would like to report a potential vulnerability in your GitHub CI workflows.

Affected files:

• Hansade2005/pixel-pilot/.github/workflows/summary.yml

Vulnerability:

• In job 'summary', step 'Generate fallback summary', the attacker-controlled source '${{ github.event.issue.title }}' is spliced into the run shell sink.
• In job 'summary', step 'Comment with AI or fallback summary', the LLM response '${{ steps.inference.outputs.response }}' is spliced into the run shell sink; upstream LLM step 'Run AI inference' is prompted with the attacker-controlled sources '${{ github.event.issue.title }}' and '${{ github.event.issue.body }}'.

Thank you for your time and for maintaining this project.

[github-actions]

📋 Issue Summary: [Security] Security issue in your GitHub CI workflow YAML files

This issue was automatically opened and requires review. Please check the issue details for more information about the request or problem described in the title above.