Fix various issues detected by zizmor #9785
Conversation
What is the security hole about computing a value in the .yaml during an action instead of computing the value and putting it in the environment? (I'd think maybe it is the other way around.)
zizmor calls this "template injection": https://woodruffw.github.io/zizmor/audits/#template-injection and GitHub has detailed how this is unsafe in a shell context here: https://securitylab.github.com/resources/github-actions-untrusted-input/#script-injections

Compare what happens when the malicious TITLE is supplied via environment variable vs. when it is interpolated into a shell script directly before the shell script is evaluated by (ba)sh:

```
$ TITLE='zzz";echo${IFS}"hello";#' sh -c 'echo "$TITLE"'
zzz";echo${IFS}"hello";#
$ sh -c 'echo "zzz";echo${IFS}"hello";#"'
zzz
hello
```

The shell script snippets also have to handle weird inputs via proper quoting, but zizmor is not (as far as I know) trying to diagnose incorrect use of shell, just the workflow syntax.
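The same distinction in workflow syntax, as an added illustration rather than a step from this PR (the step name and the use of `github.event.issue.title` are assumed for the example):

```yaml
# Unsafe: the ${{ }} expression is substituted into the script text by the
# runner before the shell parses it, so a title like  zzz";echo${IFS}"hello";#
# becomes part of the shell program. zizmor reports this as template injection.
- name: Report issue title (template injection)
  run: echo "Issue title: ${{ github.event.issue.title }}"

# Hardened: the expression is expanded only into an environment variable; the
# shell receives a fixed script and reads the title as data through "$TITLE".
- name: Report issue title (hardened)
  env:
    TITLE: ${{ github.event.issue.title }}
  run: echo "Issue title: $TITLE"
```

The quoting of `"$TITLE"` still matters for odd inputs, but, as noted above, that is a shell-correctness concern rather than what zizmor checks.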
dhalbert
This looks good. Thanks, Dr. Zizmor.
zizmor is "A tool for finding security issues in GitHub Actions setups." It found multiple diagnostics in our actions; I have made an attempt to fix the findings.