Prevent command injection by passing untrusted GitHub context values
(workflow_run.name and workflow_run.head_branch) through environment
variables instead of direct shell interpolation.
The vulnerability allowed malicious branch names with shell metacharacters
like $() to execute arbitrary commands. Now these values are safely passed
as environment variables which prevents shell expansion.
Fixes: HIGH severity command injection vulnerability on lines 66-67, 92
* feat: add structured output support
Add support for Agent SDK structured outputs.
New input: json_schema
Output: structured_output (JSON string)
Access: fromJSON(steps.id.outputs.structured_output).field
Docs: https://docs.claude.com/en/docs/agent-sdk/structured-outputs
* rm unused
* refactor: simplify structured outputs to use claude_args
Remove json_schema input in favor of passing --json-schema flag directly
in claude_args. This simplifies the interface by treating structured outputs
like other CLI flags (--model, --max-turns, etc.) instead of as a special
input that gets injected.
Users now specify: claude_args: '--json-schema {...}'
Instead of separate: json_schema: {...}
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* chore: remove unused json-schema util and revert version
- Remove src/utils/json-schema.ts (no longer used after refactor)
- Revert Claude Code version from 2.0.45 back to 2.0.42
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
