From 7ec1314fad98d812ebbbd3970d53c941bb38a7e4 Mon Sep 17 00:00:00 2001
From: "aikido-autofix[bot]"
 <119856028+aikido-autofix[bot]@users.noreply.github.com>
Date: Thu, 12 Mar 2026 10:29:56 +0000
Subject: [PATCH] fix(security): autofix Template Injection in GitHub Workflows
 Action

---
 .github/actions/merge/action.yml | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/.github/actions/merge/action.yml b/.github/actions/merge/action.yml
index 002146793..7e1fee1a4 100644
--- a/.github/actions/merge/action.yml
+++ b/.github/actions/merge/action.yml
@@ -41,8 +41,12 @@ runs:
 
     - name: Merge
       shell: bash
+      env:
+        TAGS: ${{ inputs.tags }}
+        ALTERNATE_REGISTRY: ${{ inputs.alternate_registry }}
+        DRY_RUN: ${{ inputs.dry_run }}
       run: |
         .github/actions/merge/merge.sh \
-          --tags "${{ inputs.tags }}" \
-          --alternate-registry "${{ inputs.alternate_registry }}" \
-          --dry-run "${{ inputs.dry_run }}"
+          --tags "$TAGS" \
+          --alternate-registry "$ALTERNATE_REGISTRY" \
+          --dry-run "$DRY_RUN"