From 1ca11eae630c62b9551b0c955666aa6b1c8af928 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 4 May 2026 14:00:29 +0000 Subject: [PATCH] docs: clarify issue #1065 user-facing text Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .github/actions/get-prs-with-merge-conflicts/action.yml | 2 +- SECURITY.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/get-prs-with-merge-conflicts/action.yml b/.github/actions/get-prs-with-merge-conflicts/action.yml index 57af0535..d5835994 100644 --- a/.github/actions/get-prs-with-merge-conflicts/action.yml +++ b/.github/actions/get-prs-with-merge-conflicts/action.yml @@ -1,5 +1,5 @@ name: "Get PRs With Merge Conflicts" -description: "Wait briefly, then list open non-draft PRs with mergeStateStatus DIRTY" +description: "Wait briefly, then list open non-draft PRs with merge conflicts (mergeStateStatus=DIRTY)" inputs: github-token: diff --git a/SECURITY.md b/SECURITY.md index 705f7086..a0cb2314 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -12,7 +12,7 @@ AI agents like Claude can execute code, make API calls, and consume costly resou - **Prompt injection**: Malicious content in issues/comments could manipulate the AI - **Resource exhaustion**: Workflows could be triggered repeatedly to exhaust CI minutes -The Claude Code GitHub action will not run for external users. That doesn't mean that steps in the workflow prior to the Claude Code step will not run for external users. It's important to practice good security hygiene and not allow external users to trigger workflows that have access to sensitive information or resources. +The Claude Code GitHub Action does not run for external users. However, steps before the Claude Code step can still run for external users. It's important to practice good security hygiene and not allow external users to trigger workflows that have access to sensitive information or resources. ### Author Association Checks