From 3e209f91e6a49d3881484588508295bfe72dbd58 Mon Sep 17 00:00:00 2001
From: UnixUser <38821945+Unix-User@users.noreply.github.com>
Date: Tue, 3 Jun 2025 10:08:45 -0300
Subject: [PATCH] Potential fix for code scanning alert no. 6: Expression injection in Actions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/main.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index e02fc19..517cc79 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -6,8 +6,11 @@ jobs:
 steps:
 - name: Get short commit message
 id: short_commit_message
+ env:
+ HEAD_COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
 run: |
- echo "SHORT_MESSAGE=$(echo '${{ github.event.head_commit.message }}' | tr -d '\n' | cut -c 1-50 | sed 's/[;&\`'\'']/ /g')" >> $GITHUB_ENV
+ SHORT_MESSAGE=$(echo "$HEAD_COMMIT_MESSAGE" | tr -d '\n' | cut -c 1-50 | sed 's/[;&`'\'']/ /g')
+ echo "SHORT_MESSAGE=$SHORT_MESSAGE" >> $GITHUB_ENV
 - uses: noweh/post-tweet-v2-action@v1.0
 with:
 message: |
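Review bot: The value appended to `$GITHUB_ENV` on the last added `run:` line is still commit-message text, and the only thing keeping it to a single `NAME=value` entry is the `tr -d '\n'` earlier in the pipeline, which nothing in the step marks as security-relevant. I would add a comment above the assignment such as `# tr -d '\n' must stay: the value is appended to $GITHUB_ENV, where each line is parsed as a separate entry`, and quote the redirect target, `echo "SHORT_MESSAGE=$SHORT_MESSAGE" >> "$GITHUB_ENV"`. Reading the message with `printf '%s' "$HEAD_COMMIT_MESSAGE"` instead of `echo` also avoids a message that starts with `-n` or `-e` being taken as an option, and stripping `\r` as well may be worth it, though I have not confirmed how the runner splits lines in that file. The `with:` / `message: |` block that consumes `SHORT_MESSAGE` continues past the end of the hunk, so how the value is interpolated there cannot be checked from here.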