From f8f4e902175826b74e3d924edb93bff85f7eee1b Mon Sep 17 00:00:00 2001
From: Sergio Alexander Florez Galeano
Date: Sun, 31 May 2026 21:38:07 -0500
Subject: [PATCH] ci(release): pass commit log + version via env to harden auto-release
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The "Update CHANGELOG.md" step inlined the commit log into the shell script with `COMMITS="${{ steps.version.outputs.commits }}"`. GitHub Actions substitutes `${{ }}` into the script *source* before bash runs, so a commit message containing a double quote — e.g. docs(skill): use the official Dailybot "Powered by" section in the README closed the bash string early and the remainder ("by section in the README") was executed as a command, failing the job with exit 127. This is also a classic GHA script-injection vector. Pass NEW_VERSION, NEW_TAG, and COMMITS through `env:` instead, so bash receives them as real environment variables that are never re-parsed as script source. Quotes, backticks, and $() in commit messages are now inert.
Co-Authored-By: Claude Opus 4.8 (1M context)
---
.github/workflows/auto-release.yml | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml
index 2eb9bf4..e640d3a 100644
--- a/.github/workflows/auto-release.yml
+++ b/.github/workflows/auto-release.yml
@@ -112,8 +112,9 @@ jobs:
 - name: Bump version in ALL SKILL.md files
 if: steps.version.outputs.skip != 'true'
+ env:
+ NEW_VERSION: ${{ steps.version.outputs.new_version }}
 run: |
- NEW_VERSION="${{ steps.version.outputs.new_version }}"
 # Sync the new version across every SKILL.md under skills/deepworkplan
 # (router + create/execute/refine/resume/status/onboard + addons).
 while IFS= read -r f; do 
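Review bot: The reason NEW_VERSION now arrives through `env:` is recorded only in the commit message and, for the CHANGELOG step, in an inline comment; this hunk's `env:` block and the one in the `Commit, tag, push` hunk carry no such comment, so a later edit could reintroduce the inline `${{ }}` form with nothing in the file warning against it. A one-line comment above `NEW_VERSION:` such as `# Passed via env, not inlined with ${{ }}, so the value is never re-parsed as script source.` would keep the three steps consistent. The `while IFS= read -r f; do` loop that presumably consumes `$NEW_VERSION` continues outside the hunk, so how the variable is quoted there cannot be checked from this diff.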
@@ -122,10 +123,14 @@ jobs:
 - name: Update CHANGELOG.md
 if: steps.version.outputs.skip != 'true'
+ env:
+ NEW_VERSION: ${{ steps.version.outputs.new_version }}
+ # Passed via env (NOT inlined with ${{ }}) so commit messages
+ # containing quotes, backticks, or $() can't break or inject into
+ # this shell script.
+ COMMITS: ${{ steps.version.outputs.commits }}
 run: |
- NEW_VERSION="${{ steps.version.outputs.new_version }}"
 DATE=$(date -u +%Y-%m-%d)
- COMMITS="${{ steps.version.outputs.commits }}"
 # Build the new section.
 {
@@ -157,9 +162,10 @@ jobs:
 - name: Commit, tag, push
 if: steps.version.outputs.skip != 'true'
+ env:
+ NEW_VERSION: ${{ steps.version.outputs.new_version }}
+ NEW_TAG: ${{ steps.version.outputs.new_tag }}
 run: |
- NEW_VERSION="${{ steps.version.outputs.new_version }}"
- NEW_TAG="${{ steps.version.outputs.new_tag }}"
 git add -A
 git commit -m "chore(release): ${NEW_VERSION} [skip ci]"
 git tag -a "$NEW_TAG" -m "Release ${NEW_VERSION}"
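Review bot: Moving COMMITS into `env:` stops the commit log from being parsed as bash source, but the `{` group that writes it into CHANGELOG.md continues outside the hunk, and that is where the value is next interpreted: an unquoted `$COMMITS` would be word-split and glob-expanded, and `echo "$COMMITS"` would read a log whose first line starts with `-n` or `-e` as options, so the group should emit it with `printf '%s\n' "$COMMITS"`. The new env comment could also say that the value remains untrusted text rather than only that it is no longer script source, e.g. `# Still attacker-influenced text; only ever expand it quoted.` Upstream, if the version step writes `commits` to `$GITHUB_OUTPUT` through a heredoc delimiter, a commit message containing that delimiter would truncate or extend the output; that step is not in this diff, so this is a check to run rather than an observed defect.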