openwork

eliott/openwork

Fork 0

mirror of https://github.com/different-ai/openwork synced 2026-04-28 10:29:04 +02:00

Commit Graph

Author	SHA1	Message	Date
xj	86dc0feeb4	fix: prevent shell injection in opencode-agents workflow (#722 ) The triage-issue job interpolated $ISSUE_TITLE and $ISSUE_BODY unquoted inside a double-quoted shell string, allowing any GitHub user to execute arbitrary commands by opening an issue with shell metacharacters. The duplicate-prs job similarly interpolated $COMMENT unquoted into a gh pr comment --body argument. Fix both by using printf with %s (prevents shell interpretation) and --body-file (avoids inline interpolation entirely). Co-authored-by: xj <gh-xj@users.noreply.github.com>	2026-03-03 16:19:49 -08:00
ben	71ebdd8462	feat: add opencode agent automation (#178 ) * feat: add opencode agent automation * chore: update Cargo.lock	2026-01-21 14:13:47 -08:00

Author

SHA1

Message

Date

86dc0feeb4

fix: prevent shell injection in opencode-agents workflow (#722 )

The triage-issue job interpolated $ISSUE_TITLE and $ISSUE_BODY unquoted
inside a double-quoted shell string, allowing any GitHub user to execute
arbitrary commands by opening an issue with shell metacharacters.

The duplicate-prs job similarly interpolated $COMMENT unquoted into a
gh pr comment --body argument.

Fix both by using printf with %s (prevents shell interpretation) and
--body-file (avoids inline interpolation entirely).

Co-authored-by: xj <gh-xj@users.noreply.github.com>

2026-03-03 16:19:49 -08:00

ben

71ebdd8462

feat: add opencode agent automation (#178 )

* feat: add opencode agent automation

* chore: update Cargo.lock

2026-01-21 14:13:47 -08:00

2 Commits