Closed
Objective
Review and fix potential template injection vulnerabilities in two workflows where untrusted data may flow into template expressions.
Context
Static analysis identified potential code injection risks via template expansion at:
- mcp-inspector.md (line 1130) - "Setup MCPs" step name
- copilot-session-insights.md (line 205) - continue-on-error directive
While marked as LOW severity, this could escalate if combined with other vulnerabilities.
From discussion #3945 (Static Analysis Report - November 14, 2025).
Approach
- Review the template expressions at the identified lines
- Trace data flow to determine if untrusted user input is interpolated
- If untrusted data is used, sanitize it before template expansion
- Use environment variables or intermediate steps as needed
- Ensure no GitHub context variables containing user input are used directly in expressions
Files to Modify
- .github/workflows/mcp-inspector.md (line 1130)
- .github/workflows/copilot-session-insights.md (line 205)
Security Best Practices
- Never use ${{ github.event.issue.title }}, ${{ github.event.issue.body }}, or similar untrusted inputs directly
- Use needs.activation.outputs.text for sanitized context instead
- Pass untrusted data through environment variables
- Validate and sanitize inputs before use
Acceptance Criteria
- Template expressions at mcp-inspector.md:1130 reviewed
- Template expressions at copilot-session-insights.md:205 reviewed
- No untrusted user input flows into template expressions
- Environment variables or sanitization used where needed
- Both workflows compile successfully
- Functionality preserved after changes
- Documentation added explaining the security consideration
Security Impact
Prevents potential code injection attacks via template expansion, especially important for workflows processing public repository content.
Estimated Effort
2 hours
AI generated by Plan Command for discussion #3945
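A line-based check for the data-flow review described in the Approach and Security Best Practices lists above, as an added example (not code from this repository or from the tool that produced the static analysis report). It reports untrusted ${{ }} expressions expanded anywhere outside an env: mapping, and it is a heuristic, not a YAML parser. The workflow text is constructed, and the untrusted fields other than the two the issue names are an assumption.

```python
import re

# Fields an outside user controls. The issue names issue.title and issue.body;
# the remaining entries are an assumption of this example, not a full list.
UNTRUSTED = re.compile(
    r"github\.event\.(issue|pull_request)\.(title|body)"
    r"|github\.event\.comment\.body|github\.head_ref"
)
EXPR = re.compile(r"\$\{\{(.*?)\}\}")
KEY = re.compile(r"^\s*(?:-\s+)?([\w-]+):(.*)$")

# Constructed workflow: two risky expansions, then the env-based form.
SAMPLE = """\
jobs:
  triage:
    steps:
      - name: Setup for ${{ github.event.issue.title }}
        run: |
          echo "run ${{ github.run_id }}"
          echo "${{ github.event.issue.body }}"
      - name: Hardened
        env:
          ISSUE_BODY: ${{ github.event.issue.body }}
        run: |
          echo "$ISSUE_BODY"
"""


def find_untrusted_expansions(text):
    """Return (line, key, expression) for untrusted ${{ }} outside env:."""
    findings, stack, block = [], [], None
    for no, line in enumerate(text.splitlines(), 1):
        indent = len(line) - len(line.lstrip())
        if block is None or (line.strip() and indent <= block):
            block = None  # not inside a `run: |` block scalar
            m = KEY.match(line)
            if m:
                col = m.start(1)
                while stack and stack[-1][0] >= col:
                    stack.pop()
                stack.append((col, m.group(1)))
                if m.group(2).strip()[:1] in ("|", ">"):
                    block = col
        keys = [k for _, k in stack]
        if "env" in keys:
            continue  # env values reach the shell as data, not script text
        for expr in EXPR.findall(line):
            if UNTRUSTED.search(expr):
                findings.append((no, keys[-1] if keys else "", expr.strip()))
    return findings
```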