Thanks to visit codestin.com
Credit goes to github.com

Skip to content

fix: mitigate prompt injection in issue triage workflows #170

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

fix: mitigate prompt injection in issue triage workflows #170

wants to merge 1 commit into from

Conversation

@cornmander
Copy link

@cornmander cornmander commented Aug 13, 2025

This PR mitigates a prompt injection vulnerability in the issue triage workflows by separating the label suggestion and application steps.

@cornmander cornmander requested review from a team as code owners August 13, 2025 03:07
jerop
jerop reviewed Aug 13, 2025
View reviewed changes
.github/workflows/gemini-issue-automated-triage.yml
id: 'gemini_issue_triage'
id: 'suggest_labels'
env:
GITHUB_TOKEN: '${{ steps.generate_token.outputs.token || secrets.GITHUB_TOKEN }}'
Copy link
Contributor

@jerop jerop Aug 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we remove this too by fetching labels upfront? then we can also remove gh label list

sethvargo
sethvargo reviewed Aug 13, 2025
View reviewed changes
.github/workflows/gemini-issue-automated-triage.yml
LABELS_TO_APPLY: '${{ steps.suggest_labels.outputs.result }}'
ISSUE_NUMBER: '${{ github.event.issue.number }}'
run: |
set -euo pipefail
Copy link
Contributor

@sethvargo sethvargo Aug 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we really need all this bash? It seems pretty brittle... I wonder if we could export JSON or something machine-parseable instead? Alternatively, could we use the action-script action to do this in node, which would likely be a bit cleaner?

Copy link
Contributor

@jerop jerop Aug 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Implemented this approach in #171

@sethvargo
Copy link
Contributor

sethvargo commented Aug 14, 2025

Superceeded by #171

@sethvargo sethvargo closed this Aug 14, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jerop jerop jerop left review comments

@verbanicm verbanicm Awaiting requested review from verbanicm verbanicm is a code owner automatically assigned from google-github-actions/maintainers

@bdmorgan bdmorgan Awaiting requested review from bdmorgan bdmorgan is a code owner automatically assigned from google-github-actions/run-gemini-cli-maintainers

@aliciatang07 aliciatang07 Awaiting requested review from aliciatang07 aliciatang07 is a code owner automatically assigned from google-github-actions/run-gemini-cli-maintainers

+1 more reviewer

@sethvargo sethvargo sethvargo left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cornmander @sethvargo @jerop