Merge pull request #141 from deadlydog/copilot-autofix-for-potential-code-injection

Potential fix for code scanning alert no. 1: Code injection

Author: deadlydog

.github/workflows/process-new-powershell-tip-issue.yml

@@ -72,11 +72,12 @@ jobs:
       - name: Extract tip information from issue and create new tip file
         id: create-tip-file
         shell: pwsh
+        env:
+          # Avoid script injection by retrieving the issue body via an environment variable instead of injecting the text directly into the script.
+          ISSUE_BODY: ${{ github.event.issue.body }}
         run: |
           Write-Output "Reading information from GitHub issue..."
-          $body = @'
-          ${{ github.event.issue.body }}
-          '@
+          $body = $Env:ISSUE_BODY
 
           Write-Output "Displaying issue body for troubleshooting purposes:"
           Write-Output "----------------------------------------"