From 8901cf20fca84ad6bd9bc86e710a6aea34529afb Mon Sep 17 00:00:00 2001
From: Arjun Suresh <arjun@gateoverflow.com>
Date: Thu, 4 Sep 2025 16:53:48 +0100
Subject: [PATCH 1/2] Potential fix for code scanning alert no. 12: Code
 injection

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/test-mlperf-inference-retinanet.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/test-mlperf-inference-retinanet.yml b/.github/workflows/test-mlperf-inference-retinanet.yml
index 860f23fe6..083949a9c 100644
--- a/.github/workflows/test-mlperf-inference-retinanet.yml
+++ b/.github/workflows/test-mlperf-inference-retinanet.yml
@@ -45,8 +45,10 @@ jobs:
         pip install mlcflow
         pip install tabulate
     - name: Pull MLOps repo
+      env:
+        BRANCH: ${{ github.event.pull_request.head.ref }}
       run: |
-        mlc pull repo ${{ github.event.pull_request.head.repo.html_url }} --branch=${{ github.event.pull_request.head.ref }}
+        mlc pull repo ${{ github.event.pull_request.head.repo.html_url }} --branch="$BRANCH"
 
     - name: Test MLPerf Inference Retinanet using ${{ matrix.backend }} on ${{ matrix.os }}
       if: matrix.os == 'windows-latest'

From 623e5e3ea9add45f71b14e44bc2e3f5b892cc285 Mon Sep 17 00:00:00 2001
From: Arjun Suresh <arjun@gateoverflow.com>
Date: Thu, 4 Sep 2025 16:54:40 +0100
Subject: [PATCH 2/2] Update test-mlperf-inference-retinanet.yml

---
 .github/workflows/test-mlperf-inference-retinanet.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/test-mlperf-inference-retinanet.yml b/.github/workflows/test-mlperf-inference-retinanet.yml
index 083949a9c..b65e0d7cd 100644
--- a/.github/workflows/test-mlperf-inference-retinanet.yml
+++ b/.github/workflows/test-mlperf-inference-retinanet.yml
@@ -46,9 +46,10 @@ jobs:
         pip install tabulate
     - name: Pull MLOps repo
       env:
+        REPO: ${{ github.event.pull_request.head.repo.html_url }}
         BRANCH: ${{ github.event.pull_request.head.ref }}
       run: |
-        mlc pull repo ${{ github.event.pull_request.head.repo.html_url }} --branch="$BRANCH"
+        mlc pull repo "$REPO" --branch="$BRANCH"
 
     - name: Test MLPerf Inference Retinanet using ${{ matrix.backend }} on ${{ matrix.os }}
       if: matrix.os == 'windows-latest'