1. GitHub Actions Workflow Exposes API Keys via Unvalidated Shell Injection
A critical command injection vulnerability has been identified in the `regenerate-image.yml` GitHub Actions workflow, allowing any collaborator with `workflow_dispatch` permissions to execute arbitrary shell commands in the runner environment. The flaw stems from direct interpolation of unsanitized workflow inputs into...