Skip to content

fix: mitigate prompt injection in issue triage workflows #170

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

fix: mitigate prompt injection in issue triage workflows #170

wants to merge 1 commit into from

Conversation

cornmander
Copy link

This PR mitigates a prompt injection vulnerability in the issue triage workflows by separating the label suggestion and application steps.

@cornmander cornmander requested review from a team as code owners August 13, 2025 03:07
jerop
jerop reviewed Aug 13, 2025
View reviewed changes
.github/workflows/gemini-issue-automated-triage.yml
uses: './'
id: 'gemini_issue_triage'
id: 'suggest_labels'
env:
GITHUB_TOKEN: '${{ steps.generate_token.outputs.token || secrets.GITHUB_TOKEN }}'
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we remove this too by fetching labels upfront? then we can also remove gh label list

sethvargo
sethvargo reviewed Aug 13, 2025
View reviewed changes
.github/workflows/gemini-issue-automated-triage.yml
LABELS_TO_APPLY: '${{ steps.suggest_labels.outputs.result }}'
ISSUE_NUMBER: '${{ github.event.issue.number }}'
run: |
set -euo pipefail
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we really need all this bash? It seems pretty brittle... I wonder if we could export JSON or something machine-parseable instead? Alternatively, could we use the action-script action to do this in node, which would likely be a bit cleaner?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Implemented this approach in #171

@sethvargo
Copy link
Member

Superceeded by #171

@sethvargo sethvargo closed this Aug 14, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sethvargo sethvargo sethvargo left review comments

@jerop jerop jerop left review comments

@verbanicm verbanicm Awaiting requested review from verbanicm verbanicm is a code owner automatically assigned from google-github-actions/maintainers

@bdmorgan bdmorgan Awaiting requested review from bdmorgan bdmorgan is a code owner automatically assigned from google-github-actions/run-gemini-cli-maintainers

@aliciatang07 aliciatang07 Awaiting requested review from aliciatang07 aliciatang07 is a code owner automatically assigned from google-github-actions/run-gemini-cli-maintainers

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@cornmander @sethvargo @jerop