Fix template injection warnings by moving expressions to environment variables #5381

Merged
pelikhan merged 3 commits into main from copilot/review-template-injection-warnings
Dec 3, 2025

Copilot AI commented Dec 3, 2025

Zizmor flagged 5 template injection warnings. Analysis shows all use trusted GitHub context (job outputs, system values), not user input—making them false positives.

Changes

Fixed: release.md

  • Moved needs.release.outputs.release_id from inline echo to env var
  • Eliminates zizmor warning

Improved: yaml_generation.go

  • Moved github.server_url from run script to env section
  • Applies best practice consistently with github.repository
  - name: Configure Git credentials
    env:
      REPO_NAME: ${{ github.repository }}
+     SERVER_URL: ${{ github.server_url }}
    run: |
-     SERVER_URL="${{ github.server_url }}"
-     SERVER_URL="${SERVER_URL#https://}"
+     SERVER_URL_STRIPPED="${SERVER_URL#https://}"
      git remote set-url origin "https://x-access-token:${TOKEN}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git"
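
Review bot: on the added `SERVER_URL_STRIPPED="${SERVER_URL#https://}"` line, the parameter expansion removes only a literal `https://` prefix, so a value with any other scheme, or with a trailing slash, is carried unchanged into the remote URL built on the next line. Because that URL also embeds `${TOKEN}`, consider failing the step when `SERVER_URL` does not start with `https://` instead of composing a malformed credentialed URL. `TOKEN` is not among the `env:` entries visible in this hunk; it is worth confirming that it reaches the script through `env:` in the same way as `REPO_NAME` and `SERVER_URL`.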

Documented as safe (no changes):

  • breaking-change-checker.md: Step outputs in if: conditions—evaluated by Actions runner, not shell
  • duplicate-code-detector.md: Same as above
  • mcp-inspector.md: Already using env vars (recommended pattern)

All expressions use workflow-controlled or GitHub-provided values. No untrusted user input involved.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/user
    • Triggering command: /usr/bin/gh gh api user --jq .login (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

This section details on the original issue you should resolve

<issue_title>[plan] Review and address template injection warnings</issue_title>
<issue_description>## Objective

Review the 5 template injection warnings identified by zizmor and implement appropriate input sanitization where needed.

Context

Priority: 🔵 Priority 4 (Low/Informational security warnings)

While these are marked as Informational/Low severity, template injection vulnerabilities should be reviewed to ensure proper input sanitization in GitHub expressions.

Affected Workflows

  1. breaking-change-checker.md - Line 5781:9 (Informational)

    • Step: "Assign copilot to created issues"
  2. changeset.md - Line 6254:9 (Informational)

    • Step: "Configure Git credentials"
  3. duplicate-code-detector.md - Line 5668:9 (Informational)

    • Step: "Assign copilot to created issues"
  4. mcp-inspector.md - Line 1784:9 (Low)

    • Step: "Setup MCPs"
  5. release.md - Line 461:9 (Informational)

    • Step: "Setup environment and fetch release data"

Reference: (redacted)#template-injection

Approach

For each workflow:

  1. Identify the GitHub expression that triggered the warning
  2. Determine if untrusted user input is being used in the expression
  3. If yes, implement one of these mitigations:
    • Use environment variables with ${{ env.VAR }} instead of direct injection
    • Use github.event.*.id (numeric IDs) instead of text fields
    • Sanitize inputs before use
  4. If the expression only uses trusted GitHub context, document why it's safe

Files to Review

  • .github/workflows/breaking-change-checker.md (line ~5781)
  • .github/workflows/changeset.md (line ~6254)
  • .github/workflows/duplicate-code-detector.md (line ~5668)
  • .github/workflows/mcp-inspector.md (line ~1784)
  • .github/workflows/release.md (line ~461)

Acceptance Criteria

  • All 5 template injection warnings reviewed
  • Mitigation applied or safety documented for each case
  • Zizmor scan shows reduced warnings (or documented acceptance)
  • No functional regressions in affected workflows
  • Security review notes documented in commit message

Testing

# Re-run zizmor scan on all affected workflows
gh aw compile breaking-change-checker --zizmor
gh aw compile changeset --zizmor
gh aw compile duplicate-code-detector --zizmor
gh aw compile mcp-inspector --zizmor
gh aw compile release --zizmor

Related to #5294

AI generated by Plan Command for discussion #5280

Comments on the Issue (you are @copilot in this section)



Changeset

  • Type: patch
  • Description: Fix template injection warnings by moving expressions to environment variables and documenting safe cases (release.md, yaml_generation.go).

AI generated by Changeset Generator



Smoke Test Summary

Timestamp: 2025-12-03T14:10:06 UTC
Status: PASS
Summary: All Copilot engine tests passed - GitHub MCP, file operations, bash commands, and Playwright browser automation validated.

AI generated by Smoke Copilot No Firewall
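
The first two steps of the issue's Approach (find the expression, decide whether it carries untrusted input) can be sketched as a small scanner over `run:` scripts. This is an added example, not code from this PR, gh-aw or zizmor; the classification rules and the sample workflow are assumptions constructed for illustration, apart from the "Configure Git credentials" step, which is the pre-fix form shown in the diff above.

```python
import re

EXPR = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")
RUN = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")

def classify(expr):
    # Assumed, non-exhaustive triage rules for this example (not zizmor's rule set).
    if expr.startswith("github.event.") and expr.rsplit(".", 1)[-1] in ("id", "number"):
        return "numeric-id"           # numeric, cannot carry shell syntax
    if expr.startswith("github.event.") or expr == "github.head_ref":
        return "untrusted"            # text an outside contributor can set
    return "workflow-controlled"      # e.g. needs.*, steps.*, github.server_url

def scan(workflow_text):
    """Return (line_no, expression, verdict) for each ${{ }} inside a run: script."""
    findings, key_col = [], None      # key_col: column of an open `run: |` key
    for no, line in enumerate(workflow_text.splitlines(), 1):
        m = RUN.match(line)
        if m:
            is_block = m.group(2)[:1] in ("|", ">")
            key_col = len(m.group(1)) if is_block else None
            body = "" if is_block else m.group(2)
        elif key_col is not None:
            if line.strip() and len(line) - len(line.lstrip()) <= key_col:
                key_col = None        # dedent: the block scalar has ended
                continue
            body = line
        else:
            continue                  # env:, if:, with: are not shell text
        findings += [(no, e, classify(e)) for e in EXPR.findall(body)]
    return findings

# Constructed sample; "Configure Git credentials" is the pre-fix form from the diff.
SAMPLE = """\
steps:
  - name: Assign (constructed)
    if: ${{ steps.create.outputs.created == 'true' }}
    run: echo "title=${{ github.event.issue.title }} id=${{ github.event.issue.id }}"
  - name: Configure Git credentials
    env:
      REPO_NAME: ${{ github.repository }}
    run: |
      SERVER_URL="${{ github.server_url }}"
      SERVER_URL="${SERVER_URL#https://}"
  - name: Fetch release data (constructed)
    run: echo "Release ID: ${{ needs.release.outputs.release_id }}"
"""

if __name__ == "__main__": print(*scan(SAMPLE), sep="\n")
```

Expressions under `env:` and `if:` are not reported because the runner does not paste them into shell text, which is why moving a value into `env:` clears the finding.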

- Moved needs.release.outputs.release_id to environment variable in release.md
- Moved github.server_url to env section in yaml_generation.go for consistency
- Eliminated warning in release.md workflow
- Remaining warnings are false positives or acceptable (if conditions, trusted GitHub context)

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Review and address template injection warnings" to "Fix template injection warnings by moving expressions to environment variables" Dec 3, 2025
Copilot AI requested a review from pelikhan December 3, 2025 08:41
@pelikhan pelikhan added the smoke label Dec 3, 2025

github-actions bot commented Dec 3, 2025

🤖 SYSTEM_INIT: Smoke Copilot No Firewall ACTIVATED. PROCESSING pull request. ALL SUBSYSTEMS ONLINE.

github-actions bot commented Dec 3, 2025

📰 BREAKING: Smoke Copilot Playwright is now investigating this pull request. Sources say the story is developing...

github-actions bot commented Dec 3, 2025

🔮 The ancient spirits stir... Smoke Codex awakens to divine this pull request...

github-actions bot commented Dec 3, 2025

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

github-actions bot commented Dec 3, 2025

💥 WHOOSH! Smoke Claude springs into action on this pull request! [Panel 1 begins...]

github-actions bot commented Dec 3, 2025

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

github-actions bot commented Dec 3, 2025

Copilot Engine Smoke Test Results

GitHub MCP: #5397 "[docs] Update glossary - daily scan", #5378 "Complete Run→RunE migration for all remaining commands"
File Writing: Created test file successfully
Bash Tool: File verification succeeded

Status: PASS

📰 BREAKING: Report filed by Smoke Copilot fer issue #5381 🗺️

github-actions bot commented Dec 3, 2025

Smoke Test Results (Copilot - No Firewall)

Last 2 Merged PRs:

Test Results:

  • ✅ GitHub MCP: Retrieved PR data successfully
  • ✅ File Writing: Created /tmp/gh-aw/agent/smoke-test-copilot-19896685930.txt
  • ✅ Bash Tool: Verified file content
  • ✅ Playwright MCP: Navigated to GitHub, title contains "GitHub"

Overall Status: PASS

🤖 DIAGNOSTIC REPORT GENERATED BY Smoke Copilot No Firewall fer issue #5381 🗺️

github-actions bot commented Dec 3, 2025

Smoke Test Results

Recent PRs:

Test Results:

  • ✅ GitHub MCP
  • ✅ File Writing
  • ✅ Bash Tool
  • ✅ Playwright MCP

Status: PASS

💥 [THE END] — Illustrated by Smoke Claude fer issue #5381 🗺️

github-actions bot commented Dec 3, 2025

Smoke Test: Copilot Engine + Playwright

Playwright Navigation: Successfully navigated to https://github.com
Title Verification: Page title contains "GitHub" ✓

Status: PASS

📰 BREAKING: Report filed by Smoke Copilot Playwright fer issue #5381 🗺️

github-actions bot commented Dec 3, 2025

  • [docs] Update glossary - daily scan
  • [instructions] Sync github-agentic-workflows.md with undocumented features
    GitHub MCP review ✅
    File creation ✅
    cat verification ✅
    Playwright title check ✅
    Overall: PASS

🔮 The oracle has spoken through Smoke Codex fer issue #5381 🗺️

@pelikhan pelikhan marked this pull request as ready for review December 3, 2025 14:22
@pelikhan pelikhan merged commit bc3feb3 into main Dec 3, 2025
18 checks passed
@pelikhan pelikhan deleted the copilot/review-template-injection-warnings branch December 3, 2025 14:23