复合动作 on 办公AI智能小助手

复合动作 on 办公AI智能小助手 https://blog.qife122.com/tags/%E5%A4%8D%E5%90%88%E5%8A%A8%E4%BD%9C/ Recent content in 复合动作 on 办公AI智能小助手 Hugo zh-cn qife Sun, 09 Nov 2025 20:53:48 +0800 GitHub Actions复合动作中的代码注入漏洞分析与修复 https://blog.qife122.com/p/github-actions%E5%A4%8D%E5%90%88%E5%8A%A8%E4%BD%9C%E4%B8%AD%E7%9A%84%E4%BB%A3%E7%A0%81%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E4%B8%8E%E4%BF%AE%E5%A4%8D/ Sun, 09 Nov 2025 20:53:48 +0800 https://blog.qife122.com/p/github-actions%E5%A4%8D%E5%90%88%E5%8A%A8%E4%BD%9C%E4%B8%AD%E7%9A%84%E4%BB%A3%E7%A0%81%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E4%B8%8E%E4%BF%AE%E5%A4%8D/ <h2 id="漏洞概述">漏洞概述</h2> <p>GitHub Actions复合动作<code>j178/prek-action</code>存在任意代码注入漏洞，攻击者可通过恶意构造的输入参数在动作执行上下文中执行任意代码。</p>