From f81eebf5554fc044647d9bfbf9d5d0dbaa567fc4 Mon Sep 17 00:00:00 2001
From: ShaharNaveh <50263213+ShaharNaveh@users.noreply.github.com>
Date: Mon, 30 Mar 2026 17:35:36 +0200
Subject: [PATCH] Resolve template injection

---
 .github/workflows/comment-commands.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/comment-commands.yml b/.github/workflows/comment-commands.yml
index 3f3402270ea..eb9e2f96d1a 100644
--- a/.github/workflows/comment-commands.yml
+++ b/.github/workflows/comment-commands.yml
@@ -18,4 +18,6 @@ jobs:
     steps:
       # Using REST API and not `gh issue edit`. https://github.com/cli/cli/issues/6235#issuecomment-1243487651
       - run: |
-          curl -H "Authorization: token ${{ github.token }}" -d '{"assignees": ["${{ github.event.comment.user.login }}"]}' https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/assignees
+          curl -H "Authorization: token ${{ github.token }}" -d '{"assignees": ["${{ env.USER }}"]}' https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/assignees
+        env:
+          USER:  ${{ github.event.comment.user.login }}