github · pelikhan · Feb 12, 2026 · Feb 12, 2026 · Feb 12, 2026 · Feb 12, 2026
diff --git a/.github/workflows/poem-bot.lock.yml b/.github/workflows/poem-bot.lock.yml
diff --git a/.github/workflows/workflow-generator.lock.yml b/.github/workflows/workflow-generator.lock.yml
diff --git a/actions/setup/js/collect_ndjson_output.cjs b/actions/setup/js/collect_ndjson_output.cjs
@@ -2,7 +2,7 @@
 /// <reference types="@actions/github-script" />
 
 const { getErrorMessage } = require("./error_helpers.cjs");
-const { repairJson } = require("./json_repair_helpers.cjs");
+const { repairJson, sanitizePrototypePollution } = require("./json_repair_helpers.cjs");
 const { AGENT_OUTPUT_FILENAME, TMP_GH_AW_PATH } = require("./constants.cjs");
 
 async function main() {
@@ -128,11 +128,15 @@ async function main() {
     }
     function parseJsonWithRepair(jsonStr) {
       try {
-        return JSON.parse(jsonStr);
+        const parsed = JSON.parse(jsonStr);
+        // Sanitize the parsed object to prevent prototype pollution
+        return sanitizePrototypePollution(parsed);
       } catch (originalError) {
         try {
           const repairedJson = repairJson(jsonStr);
-          return JSON.parse(repairedJson);
+          const parsed = JSON.parse(repairedJson);
+          // Sanitize the parsed object to prevent prototype pollution
+          return sanitizePrototypePollution(parsed);
         } catch (repairError) {
           core.info(`invalid input json: ${jsonStr}`);
           const originalMsg = originalError instanceof Error ? originalError.message : String(originalError);

diff --git a/actions/setup/js/json_repair_helpers.cjs b/actions/setup/js/json_repair_helpers.cjs
@@ -1,5 +1,101 @@
 // @ts-check
 
+/**
+ * Sanitizes an object to remove dangerous prototype pollution keys using a stack-based algorithm.
+ * This function removes keys that could be used for prototype pollution attacks:
+ * - __proto__: JavaScript's prototype chain accessor
+ * - constructor: Object constructor property
+ * - prototype: Function prototype property
+ *
+ * Uses an iterative approach with a stack to handle deeply nested structures and
+ * protect against stack overflow from malicious recursive object trees.
+ *
+ * @param {any} obj - The object to sanitize (can be any type)
+ * @returns {any} The sanitized object with dangerous keys removed
+ *
+ * @example
+ * // Removes __proto__ key
+ * sanitizePrototypePollution({name: "test", __proto__: {isAdmin: true}})
+ * // Returns: {name: "test"}
+ *
+ * @example
+ * // Handles nested objects
+ * sanitizePrototypePollution({outer: {__proto__: {bad: true}, safe: "value"}})
+ * // Returns: {outer: {safe: "value"}}
+ */
+function sanitizePrototypePollution(obj) {
+  // Handle non-objects (primitives, null, undefined)
+  if (obj === null || typeof obj !== "object") {
+    return obj;
+  }
+
+  // Dangerous keys that can be used for prototype pollution
+  const dangerousKeys = ["__proto__", "constructor", "prototype"];
+
+  // Track visited objects to handle circular references
+  const seen = new WeakMap();
+
+  // Stack-based traversal to avoid recursion and stack overflow
+  // Each entry: { source: original object, target: sanitized object, parent: parent target, key: property key }
+  const stack = [];
+  const root = Array.isArray(obj) ? [] : {};
+  seen.set(obj, root);
+  stack.push({ source: obj, target: root, parent: null, key: null });
+
+  while (stack.length > 0) {
+    const item = stack.pop();
+    if (!item) continue;
+    const { source, target } = item;
+
+    if (Array.isArray(source)) {
+      // Process array elements
+      for (let i = 0; i < source.length; i++) {
+        const value = source[i];
+        if (value === null || typeof value !== "object") {
+          // Primitive value - copy directly
+          target[i] = value;
+        } else if (seen.has(value)) {
+          // Circular reference detected - use existing sanitized object
+          target[i] = seen.get(value);
+        } else {
+          // New object or array - create sanitized version and add to stack
+          const newTarget = Array.isArray(value) ? [] : {};
+          target[i] = newTarget;
+          seen.set(value, newTarget);
+          stack.push({ source: value, target: newTarget, parent: target, key: i });
+        }
+      }
+    } else {
+      // Process object properties
+      for (const key in source) {
+        // Skip dangerous keys
+        if (dangerousKeys.includes(key)) {
+          continue;
+        }
+        // Only process own properties (not inherited)
+        if (Object.prototype.hasOwnProperty.call(source, key)) {
+          const value = source[key];
+          if (value === null || typeof value !== "object") {
+            // Primitive value - copy directly
+            target[key] = value;
+          } else if (seen.has(value)) {
+            // Circular reference detected - use existing sanitized object
+            target[key] = seen.get(value);
+          } else {
+            // New object or array - create sanitized version and add to stack
+            const newTarget = Array.isArray(value) ? [] : {};
+            target[key] = newTarget;
+            seen.set(value, newTarget);
+            stack.push({ source: value, target: newTarget, parent: target, key: key });
+          }
+        }
+      }
+    }
+  }
+
+  return root;
+}
+
 /**
  * Attempts to repair malformed JSON strings using various heuristics.
  * This function applies multiple repair strategies to fix common JSON formatting issues:
@@ -76,4 +172,4 @@ function repairJson(jsonStr) {
   return repaired;
 }
 
-module.exports = { repairJson };
+module.exports = { repairJson, sanitizePrototypePollution };