Keeping your GitHub Actions and workflows secure Part 2: Untrusted input

Jaroslav Lobacevski

This post is the second in a series of posts about GitHub Actions security. Part 1, Part 3

We previously discussed the misuse of the pull_request_target trigger within GitHub Actions and workflows. In this follow-up piece, we will discuss possible avenues of abuse that may result in code and command inject