diff --git a/.github/workflows/spam-detection-adk-java-issues.yml b/.github/workflows/spam-detection-adk-java-issues.yml
index de7841d3d..4fb1451fd 100644
--- a/.github/workflows/spam-detection-adk-java-issues.yml
+++ b/.github/workflows/spam-detection-adk-java-issues.yml
@@ -51,10 +51,10 @@ jobs:
 steps:
 - name: Checkout repository
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 - name: Set up Java
- uses: actions/setup-java@v5
+ uses: actions/setup-java@1bcf9fb12cf4aa7d266a90ae39939e61372fe520 # v5
 with:
 distribution: temurin
 java-version: '17'
@@ -76,8 +76,9 @@ jobs:
 DRY_RUN: '1'
 EVENT_NAME: ${{ github.event_name }}
 ISSUE_NUMBER: ${{ github.event.issue.number }}
- ISSUE_TITLE: ${{ github.event.issue.title }}
- ISSUE_BODY: ${{ github.event.issue.body }}
+ # ISSUE_TITLE and ISSUE_BODY intentionally omitted: passing raw GitHub event
+ # content directly as env vars is a prompt-injection vector. The agent
+ # must fetch issue content via the GitHub API using ISSUE_NUMBER instead.
 # Mapped to the manual-dispatch checkbox. On the daily schedule this is
 # empty, so only issues updated in the last 24h are audited.
 INITIAL_FULL_SCAN: ${{ github.event.inputs.full_scan }}
diff --git a/.github/workflows/triage-adk-java-issues.yml b/.github/workflows/triage-adk-java-issues.yml
index 972a9ef35..9f76dd1da 100644
--- a/.github/workflows/triage-adk-java-issues.yml
+++ b/.github/workflows/triage-adk-java-issues.yml
@@ -41,10 +41,10 @@ jobs:
 steps:
 - name: Checkout repository
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 - name: Set up Java
- uses: actions/setup-java@v5
+ uses: actions/setup-java@1bcf9fb12cf4aa7d266a90ae39939e61372fe520 # v5
 with:
 distribution: temurin
 java-version: '17'
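Review bot: The trailing `# v6` and `# v5` comments on the pinned `uses:` lines name a moving major tag, so they do not record which release each SHA was resolved from and a later reader cannot re-check the pin against upstream. Annotate each pin with the exact release tag, e.g. `uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.x.y` (placeholder; use the real tag), which is also the form Dependabot and Renovate keep up to date. Before merging, confirm that each SHA is a commit in the upstream action repository reachable from that tag, since a SHA can also resolve to a commit that exists only in a fork. The same applies to the identical hunk in triage-adk-java-issues.yml (`@@ -41,10 +41,10 @@`); any other `uses:` entries outside these hunks are not visible here and should be pinned the same way.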
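Review bot: The new comment under `ISSUE_NUMBER` overstates the fix: the issue title and body are attacker-controlled whichever way they reach the agent, so fetching them through the GitHub API changes the transport but not the prompt-injection exposure. Reword it along the lines of `# Title/body are not passed via env; the agent fetches them by ISSUE_NUMBER and must still treat them as untrusted input.` The protection has to sit in the agent and the job: keep the fetched text delimited as data in the prompt, keep the job token's `permissions:` minimal, and constrain what the agent may do with model output (those parts of the workflow lie outside the hunk). Only workflow files appear in this diff, so check that the agent no longer reads `ISSUE_TITLE`/`ISSUE_BODY` from the environment. The same comment is added in triage-adk-java-issues.yml (`@@ -66,8 +66,9 @@`).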
@@ -66,8 +66,9 @@ jobs:
 DRY_RUN: '1'
 EVENT_NAME: ${{ github.event_name }}
 ISSUE_NUMBER: ${{ github.event.issue.number }}
- ISSUE_TITLE: ${{ github.event.issue.title }}
- ISSUE_BODY: ${{ github.event.issue.body }}
+ # ISSUE_TITLE and ISSUE_BODY intentionally omitted: passing raw GitHub event
+ # content directly as env vars is a prompt-injection vector. The agent
+ # must fetch issue content via the GitHub API using ISSUE_NUMBER instead.
 # Number of issues to process per scheduled batch run.
 ISSUE_COUNT_TO_PROCESS: '3'
 # Comma-separated GitHub handles to round-robin assign issues to.