GitHub Actions Workflow Exposes API Keys via Unvalidated Shell Injection
A critical command injection vulnerability has been identified in the `regenerate-image.yml` GitHub Actions workflow, allowing any collaborator with `workflow_dispatch` permissions to execute arbitrary shell commands in the runner environment. The flaw stems from direct interpolation of unsanitized workflow inputs into shell blocks, exposing sensitive credentials including `BLOG_TOKEN`, `OPENAI_API_KEY`, and `ANTHROPIC_API_KEY`. The vulnerability affects `slug`, `topic`, and `summary` inputs in the affected workflow, creating multiple potential attack vectors against the CI/CD pipeline.
The root cause is that the workflow neither validates nor quotes user-supplied inputs before they reach `run:` blocks. Because the input text is interpolated into the script before the shell parses it, shell metacharacters in an input become part of the command line. Commands including `cp`, `git checkout -b`, `git add`, and `git commit -m` receive the unvalidated input, enabling command chaining and arbitrary execution. A proof-of-concept slug provided in the disclosure, `foo && env > /tmp/leaked && cat /tmp/leaked #`, demonstrates how an attacker could dump environment variables containing API keys to a temporary file for exfiltration. Any collaborator able to trigger workflows manually is a credible threat under this configuration.
The disclosure proposes input validation using a regex pattern matching `[a-z0-9][a-z0-9-]{0,79}$` to enforce a safe slug format before any shell execution. Organizations using similar GitHub Actions patterns should audit their workflows for unsanitized `workflow_dispatch` inputs interpolated into shell commands. The exposure of high-value API keys through a workflow trigger mechanism represents a significant supply chain and secrets management risk, particularly for repositories handling external integrations or content generation pipelines.
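The audit recommended above can be partly automated. The following is an added example, not code from the disclosure or the affected repository: a scanner that flags `${{ inputs.* }}` expressions expanded inside `run:` scripts while ignoring inputs passed through `env:`. The workflow in `SAMPLE`, its step names and its paths are constructed, and its hardened step adds a leading `^` to the quoted pattern so that the whole value must match (an assumption about the intended check).

```python
import re

# Matches ${{ inputs.x }} and ${{ github.event.inputs.x }}
INPUT_EXPR = re.compile(r"\$\{\{\s*(?:github\.event\.)?inputs\.([\w-]+)\s*\}\}")
RUN_KEY = re.compile(r"^(\s*)(-\s+)?run:\s*(.*)$")

def find_injectable_inputs(workflow_text):
    """Return [(line_no, input_name)] for inputs expanded inside run: scripts."""
    findings, key_col = [], None      # key_col: column of an open block-scalar run:
    for no, line in enumerate(workflow_text.splitlines(), 1):
        if key_col is not None:
            indent = len(line) - len(line.lstrip())
            if not line.strip() or indent > key_col:   # still inside the script body
                findings += [(no, m.group(1)) for m in INPUT_EXPR.finditer(line)]
                continue
            key_col = None            # dedent: the script body has ended
        m = RUN_KEY.match(line)
        if m:
            if m.group(3)[:1] in ("|", ">"):           # multi-line script follows
                key_col = len(m.group(1)) + len(m.group(2) or "")
            else:                                      # single-line script
                findings += [(no, x.group(1)) for x in INPUT_EXPR.finditer(m.group(3))]
    return findings

# Constructed sample modelled on the inputs and commands the advisory names.
SAMPLE = """\
on:
  workflow_dispatch:
    inputs: {slug: {required: true}, summary: {required: true}}
jobs:
  regen:
    runs-on: ubuntu-latest
    steps:
      - name: vulnerable
        run: |
          git checkout -b image/${{ inputs.slug }}
          git commit -m "Regenerate: ${{ github.event.inputs.summary }}"
      - name: hardened
        env:
          SLUG: ${{ inputs.slug }}
        run: |
          [[ "$SLUG" =~ ^[a-z0-9][a-z0-9-]{0,79}$ ]] || exit 1
          git checkout -b "image/$SLUG"
      - run: cp "drafts/${{ inputs.slug }}.png" public/
"""

if __name__ == "__main__":
    for line_no, name in find_injectable_inputs(SAMPLE):
        print(f"line {line_no}: inputs.{name} is expanded into shell text")
```

The scanner is line-based and does not parse YAML, so treat its output as a starting list for manual review rather than a complete audit.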