M.V. Hutz
ed30a4fc7c
All checks were successful
CI / Check PR Title (push) Has been skipped
CI / Go Lint (push) Successful in 36s
CI / Makefile Lint (push) Successful in 35s
CI / Markdown Lint (push) Successful in 22s
CI / Unit Tests (push) Successful in 35s
CI / Fuzz Tests (push) Successful in 1m6s
CI / Mutation Tests (push) Successful in 1m10s
## Description Currently, the `check-pr-title` job has a security vulnerability. If you give the PR a bad title, the job can run arbitrary code. ## Changes - Fix prompt injection by pulling the PR title as an environment variable. - Also, restricted the job to only `pull_request` trigger. ### Design Decisions - It is better to pull out this job into a separate workflow with a unique trigger, but I chose not to because it is currently only one job. ## Checklist - [x] Tests pass - [x] Docs updated Reviewed-on: #18 Co-authored-by: M.V. Hutz <git@maximhutz.me> Co-committed-by: M.V. Hutz <git@maximhutz.me>