From e151c64c2bd80d2d53ac1333f1df9429fe6a1a11 Mon Sep 17 00:00:00 2001
From: Hatem Hosny <hatemhosny@gmail.com>
Date: Mon, 23 Feb 2026 08:38:07 +0200
Subject: [PATCH] ci(i18n): fix github action security issue

---
 .github/workflows/i18n-update-pull.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/i18n-update-pull.yml b/.github/workflows/i18n-update-pull.yml
index 0a5c9a74d..17f615c25 100644
--- a/.github/workflows/i18n-update-pull.yml
+++ b/.github/workflows/i18n-update-pull.yml
@@ -126,12 +126,14 @@ jobs:
 
       - name: Create a new i18n PR, comment on source PR and reaction
         uses: actions/github-script@v7
+        env:
+          ISSUE_TITLE: ${{ github.event.issue.title }}
         with:
           github-token: ${{ steps.generate-token.outputs.token }}
           script: |
             const repoURL = context.payload.repository.html_url;
             const branchURL = `${repoURL}/tree/${process.env.NEW_BRANCH}`;
-            const prTitle = `i18n: ${{ github.event.issue.title }}`;
+            const prTitle = `i18n: ${process.env.ISSUE_TITLE}`;
             const prBody = `## What type of PR is this? (check all applicable)
 
             - [ ] ✨ Feature