Harden publish workflow logs against command injection by JaredStowell · Pull Request #1 · JaredStowell/vinext

JaredStowell · 2026-03-07T16:45:09Z

The publish workflow echoed untrusted commit text, AI-generated summaries, and webhook payloads directly to stdout, which allows GitHub Actions to interpret attacker-controlled ::command:: sequences and tamper with CI logs.
Prevent workflow command/log injection while preserving current release logging and Google Chat notifications.

Added a small log_literal() helper in the Generate release summary and Notify Google Chat steps that wraps untrusted output with a ::stop-commands::{token} marker and the matching closing token so runners treat the block as literal text.
Replaced direct echo calls with log_literal for the commit list, AI-generated summary, webhook payload, and webhook response to ensure any ::command:: sequences in that content are not interpreted by the runner.
Preserved existing behavior for writing the release summary to GITHUB_OUTPUT and sending the Google Chat webhook.

Inspected the workflow file contents with sed -n '1,240p' .github/workflows/publish.yml to confirm the log_literal() helper and replacements were added, and checked the updated region with nl -ba .github/workflows/publish.yml | sed -n '90,230p', which succeeded.
Verified repository files were searchable with rg --files -g 'AGENTS.md' and confirmed the modified workflow shows the new safe logging calls; these checks succeeded.

Harden publish workflow logs against command injection

d671eea

JaredStowell added aardvark codex labels Mar 7, 2026 — with ChatGPT Codex Connector

JaredStowell added aardvark codex labels Mar 7, 2026

Provide feedback