
sanitize github workflow variables #117

@litlfred

Description


in publication-request.yaml there are commands such as:
echo "Sequence: $SEQUENCE"

if $SEQUENCE contains a quote it's allowed to break out of the string.
Imagine $SEQUENCE was file";touch "pwned.yml (yes, that is a valid
file name), the code would become
echo "Hello, the path to this workflow is file";touch "pwned.yml"

please review all the github workflows and make sure variables are properly escaped/sanitized
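The breakout described above and the standard fix (pass untrusted values to the step through `env:` and reference the shell variable, rather than interpolating `${{ ... }}` directly into the `run:` script text), as an added shell example that is not part of this issue or the repository's workflows; the helper names, the sample value and the marker file under a temporary directory are constructed.

```shell
#!/bin/sh
# Added example: how a `run:` step sees an untrusted value in two ways.
# Constructed: the helper names, the payload and the marker file.

# Same shape as the issue's example: a quote closes the string and ';'
# starts a new command.
PAYLOAD='file";touch "pwned.yml'

# Pattern 1 (unsafe): the runner substitutes ${{ inputs.sequence }} into
# the script text before the shell parses it. Emulated here by building
# the script by string concatenation, which is what template expansion does.
run_interpolated() {
  workdir=$(mktemp -d)
  script="echo \"Sequence: $1\""
  ( cd "$workdir" && sh -c "$script" >/dev/null 2>&1 )
  # Did the injected command run? The marker file tells us.
  if [ -e "$workdir/pwned.yml" ]; then echo injected; else echo clean; fi
  rm -rf "$workdir"
}

# Pattern 2 (hardened): the value arrives via the environment (env: in the
# workflow) and the script references $SEQUENCE. The shell expands it after
# parsing, so quotes and semicolons in the value are ordinary characters.
run_via_env() {
  workdir=$(mktemp -d)
  script='echo "Sequence: $SEQUENCE"'
  out=$( cd "$workdir" && SEQUENCE="$1" sh -c "$script" 2>&1 )
  if [ -e "$workdir/pwned.yml" ]; then echo injected; else echo "$out"; fi
  rm -rf "$workdir"
}
```

In the workflow this means `env: { SEQUENCE: "${{ inputs.sequence }}" }` on the step and `echo "Sequence: $SEQUENCE"` in `run:`, never `${{ }}` inside the script body.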
