From 6bcbdc8b4cdb58062d59e548535268af0d7f737c Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 28 Mar 2026 21:07:50 +0000
Subject: [PATCH 2/2] fix: avoid shell injection when issue body contains single quotes in move-to-main-repo workflow
Agent-Logs-Url: https://github.com/community-scripts/ProxmoxVED/sessions/218a4dbe-5133-4ddf-a076-4b2a9db9dd45
Co-authored-by: MickLesk <47820557+MickLesk@users.noreply.github.com>
---
 .github/workflows/move-to-main-repo.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/move-to-main-repo.yaml b/.github/workflows/move-to-main-repo.yaml
index bfcd561f..a4ae86f0 100644
--- a/.github/workflows/move-to-main-repo.yaml
+++ b/.github/workflows/move-to-main-repo.yaml
@@ -38,12 +38,13 @@ jobs:
 id: list_issues
 env:
 GH_TOKEN: ${{ github.token }}
+ ISSUE_JSON: ${{ toJson(github.event.issue) }}
 run: |
 echo "Resolving issue with label Migration To ProxmoxVE"
 if [[ "${{ github.event_name }}" == "issues" ]]; then
 # For labeled issue events, use the exact issue from event payload.
- filtered_issue='${{ toJson(github.event.issue) }}'
+ filtered_issue="$ISSUE_JSON"
 else
 # Fallback for workflow_dispatch: query explicitly by label and raise limit.
 raw_output=$(gh issue list \
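Review bot: The new `ISSUE_JSON` env entry has no comment saying that it exists to keep author-controlled issue text out of the `run:` script, so a later cleanup could fold it back into an inline `${{ }}` expression; I would add `# Untrusted issue payload: pass via env, never interpolate ${{ github.event.issue }} into the script.` above it. The same step still expands `${{ github.event_name }}` inline in the `if [[ ... ]]` test. That value is set by GitHub rather than by the issue author, so it does not look exploitable, but routing it through env too (`EVENT_NAME: ${{ github.event_name }}` with `[[ "$EVENT_NAME" == "issues" ]]`) would leave the script body free of template expansion and easier to audit. The rest of the step lies outside the hunk, so it is worth confirming that later uses of `$filtered_issue` stay double-quoted and that no other `${{ github.event.issue.* }}` expression remains inside a `run:` block.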