mirror of
https://github.com/hwchase17/langchain
synced 2024-10-27 21:46:30 +00:00
6c308aabae
Using `${{ }}` to construct shell commands is risky, since the `${{ }}` interpolation runs first and ignores shell quoting rules. This means that shell commands that look safely quoted, like `echo "${{ github.event.issue.title }}"`, are actually vulnerable to shell injection. More details here: https://github.blog/2023-08-09-four-tips-to-keep-your-github-actions-workflows-secure/ |
||
---|---|---|
.. | ||
action.yml |